HQ/EMEAFind out how we can help your business
A leading American non-profit healthcare provider, Kaiser Permanente, reported suffering from a data breach incident that compromised over 69,000 health-related information of their patients. The involved healthcare firm aids about 12 million individuals from different states in America.
Based on the healthcare firm’s statement on their website, an unidentified threat actor had unauthorised access to a staff’s email account that holds massive data of patients’ protected health information or PHI. The Kaiser Permanente management immediately contacted those affected by the security breach through classified letters.
Some sensitive data compromised in the Kaiser Permanente healthcare breach includes patients’ full names, medical record numbers, and laboratory test results.
Despite the list of highly sensitive patients’ information exposed in the data breach, the healthcare firm said that no social security numbers and credit card data were included. Furthermore, the Kaiser Foundation Health Plan patients were the only ones impacted by the security breach.
Based on the analysis conducted about the incident, the healthcare firm had immediately blocked the unknown hacker’s access to the compromised employee email account a few hours after it was spotted. The password of the said email account was also reset.
To ensure that similar security incidents would be avoided in the future, Kaiser Permanente implemented cybersecurity training for the affected employee, including safe email practices. Moreover, the healthcare firm would also explore further measures to safeguard their organisation against all cyberattacks.
As of now, there are no indications that the compromised PHI from the hacked email account was abused with malicious intentions; however, it is early for the healthcare firm to disregard the likelihood of it happening.
The US DOH and Human Services Office for Civil Rights had disclosed the exact number of individuals impacted by the data breach attack, with 69,589 people now prone to malicious activities from threat actors who have stolen their information.
