In a legally required notice filed with the U.S. government on April 12 and made public on Thursday, Kaiser Foundation Health Plan announced that 13.4 million of its members had their information compromised in a data breach that occurred earlier this month. The notice did not provide specific details about the nature of the breach, stating only that there was “unauthorized access/disclosure” involving a network server.
Organizations in the U.S. that fall under the health privacy law HIPAA are mandated to report data breaches involving protected health information to the U.S. Department of Health and Human Services. Kaiser also informed California’s attorney general of the breach but did not offer any additional information. The Kaiser Foundation Health Plan, which is the parent organization of various entities within Kaiser Permanente, reported having 12.5 million members at the end of 2023. The breach at Kaiser has been identified on the Department of Health and Human Services’ website as the largest health-related data breach of 2024 to date.
UnitedHealth Group, the parent company of Change Healthcare, disclosed earlier this week that sensitive health information pertaining to a “substantial proportion of people in America” was stolen by criminal hackers in a ransomware attack in February. While it remains uncertain whether the Kaiser breach is connected to this incident, UnitedHealth stated that they were working closely with law enforcement agencies to investigate potential ties between both incidents and protect individuals from further harm or exploitation by cybercriminals.
/cloudfront-us-east-1.images.arcpublishing.com/pmn/JW5FJZ4GPNCGHCN7KMRKWQOLTI.jpg)
