In recent news, U.S. health conglomerate Kaiser has announced a data breach that occurred earlier this month, resulting in the compromise of 13.4 million residents’ information. The breach was reported to the U.S. government on April 12 and made public on Thursday, with the Kaiser Foundation Health Plan confirming that unauthorized access/disclosure involving a network server had taken place.
Organizations covered under the health privacy law HIPAA are required to notify the U.S. Department of Health and Human Services about data breaches involving protected health information, such as medical data and patient records. Kaiser also informed California’s attorney general about the breach but did not disclose further details. A spokesperson for Kaiser, Catherine Hernandez, did not respond to requests for comment on the matter.
Kaiser Foundation Health Plan is affiliated with Kaiser Permanente, one of the largest healthcare organizations in the United States. The plan offers health insurance to employers and reported having 12.5 million members as of the end of 2023. This breach at Kaiser has been listed on the Department of Health and Human Services’ website as the largest confirmed health-related data breach of 2024 so far.
The connection between this breach at Kaiser and a ransomware attack experienced by U.S. health tech giant Change Healthcare in February remains unclear
