U.S. health conglomerate Kaiser recently notified millions of its members about a data breach that occurred earlier this month. In a legally required notice filed with the U.S. government on April 12 and made public on Thursday, the Kaiser Foundation Health Plan confirmed that 13.4 million residents had their information compromised in the breach. The notice did not provide specific details about the breach, only mentioning it as “unauthorized access/disclosure” involving a network server.
Organizations covered under the health privacy law HIPAA are obligated to notify the U.S. Department of Health and Human Services about data breaches involving protected health information, such as medical data and patient records. Kaiser also informed California’s attorney general about the breach but did not disclose further details. A Kaiser spokesperson, Catherine Hernandez, did not respond to requests for comment on the matter.
The Kaiser Foundation Health Plan is affiliated with Kaiser Permanente, one of the largest healthcare organizations in the United States. The plan offers health insurance to employers and reported having 12.5 million members as of the end of 2023. The breach at Kaiser has been listed on the Department of Health and Human Services’ website as the largest confirmed health-related data breach of 2024 so far.
It is unclear whether the breach at Kaiser is connected to the ransomware attack that U.S. health tech giant Change Healthcare experienced in February. UnitedHealth Group, the parent company of Change Healthcare, recently disclosed that criminal hackers stole sensitive health information on a “substantial proportion of people in America,” but did not provide a precise figure.
If you have additional information about the data breach at Kaiser, please contact the reporter via Signal and WhatsApp at +1 646-755-8849, or by email. Files and documents can also be sent securely via SecureDrop.