"Attack on Kaiser Permanente Exposes Data on 70,000 Customers"

A leading US healthcare provider, Kaiser Permanente, has warned that as many as 70,000 individuals may have had personally identifiable information (PII) stolen by a malicious third party.  A data breach notice sent to customers earlier this month claimed that the company discovered the unauthorized access incident on April 5.  The IT team terminated the unauthorized access within hours after it began and promptly commenced an investigation to determine the scope of the incident.  During the investigation, it was determined that protected health information was contained in the emails accessed by the malicious third party, and while they have no indication that the unauthorized party accessed the information, they cannot completely rule out the possibility.  The protected health information potentially exposed included first and last name, medical record number, dates of service, and laboratory test result information.  Kaiser Permanente noted that the information did not include sensitive information such as Social Security numbers and credit card numbers.  The healthcare provider said it reset the affected employee’s password and provided them with additional training to mitigate the risk of such an incident happening again.

Infosecurity reports: "Attack on Kaiser Permanente Exposes Data on 70,000 Customers"