Kaiser Permanente is one of the United States’ biggest nonprofit health plan and healthcare companies that recently reported an email security breach. Although this company provides medical services to over 12.5 million individuals in 8 states and D.C., only about 70,000 members of the Kaiser Foundation Health Plan of Washington were affected by the breach.
Kaiser Permanente mentioned that it became aware of the email security incident on April 5, 2022. It was confirmed that an unauthorized party accessed the email account of one employee. The company took immediate action to protect the account and block unauthorized access. Kaiser Permanente stated that it shut down the account and was able to secure it in just hours.
An investigation was started to find out the nature and extent of the email breach, which confirmed that only one account had been affected. Nevertheless, that account included email messages and file attachments having the protected health information (PHI) of a number of health plan members. The types of data compromised in the breach involved the first and last names of patients, medical record numbers, lab test results data, and dates of service. There was no financial data or Social Security numbers compromised.
There was no proof found that indicates the access or removal of any plan member data from its systems. Nonetheless, it can’t be ruled out that there was no unauthorized PHI access or data theft. Up to now, no report was gotten concerning any actual or attempted improper use of ePHI.
Kaiser Permanente sent notifications to impacted persons on June 3, 2022 telling them to be cautious of likely fraudulence. The employee whose email account was subjected to unauthorized access received supplemental training about proper email handling. The company is also taking additional steps to ensure incidents like this never happen down the road.
The breach is posted on the HHS’ Office for Civil Rights breach website indicating that 69,589 persons were affected.