Earlier this month, healthcare provider Kaiser Permanente disclosed a data breach that exposed the protected health information (PHI) of thousands of their patients. In a notice (PDF) dated June 3, 2022, the organization admitted that:
On April 5, 2022, Kaiser Permanente discovered that an unauthorized party gained access to an employee’s emails. We terminated the unauthorized access within hours after it began and promptly commenced an investigation to determine the scope of the incident. We have determined that protected health information was contained in the emails and, while we have no indication that the information was accessed by the unauthorized party, we are unable to completely rule out the possibility.
The sensitive information exposed in the email hack includes:
The notice states that Social Security numbers and credit card info were not exposed in the breach.
After discovering the breach, Kaiser terminated the hacker’s access to the employee’s emails. They further stated that “the employee received additional training on safe email practices,” suggesting that the attack may have been unwittingly facilitated by an undertrained user.
The notice does not disclose how many people were affected by the breach. However, as required by HIPAA and HITECH laws, breaches exposing protected health information are posted by the U.S. Department of Health and Human Services. A quick search of the database showed that this event affected 69,589 individuals (see screenshot below).
There are a few things we can learn from the incident: