In April 2022, US healthcare organization, Kaiser Permanente were the subject of a possible cyber-attack which has potentially affected around 70,000 of its patients.

Kaiser currently employs 300,000 people and provides healthcare and not-for-profit health plans across the country.

In statement made publicly, it was said that: “On April 5, 2022, Kaiser Permanente discovered that an unauthorized party gained access to an employee’s emails. We terminated the unauthorized access within hours after it began and promptly commenced an investigation to determine the scope of the incident.”

The statement continued: “We have determined that protected health information was contained in the emails and, while we have no indication that the information was accessed by the unauthorized party, we are unable to completely rule out the possibility.”

Information such as medical record numbers, names, laboratory test results and dates of service was all believed to be at risk, however, the healthcare organization believes that there is no evidence of information being stolen or misused as a result of the breach.

Also included in the statement was an outline of what action has been taken in-light of the incident: “After discovering the event, the employee’s password for the email account where unauthorized activity was detected has been reset. The employee received additional training on safe email practices, and we are exploring other steps we can take to ensure incidents like this do not happen in the future.”

Return to Security Journal Americas NEWS index