American healthcare giant Kaiser Foundation Health Plan exposed sensitive data on millions of its current and former patients, apparently by mistake.
Among the data inadvertently shared with advertisers are member names and IP addresses, and information regarding their membership status with Kaiser Permanente. Furthermore, the company leaked information on how members interacted with the website and the apps, and what they searched for in the health encyclopedia.
A total of 13.4 million people are affected by this mishap, the company has confirmed, adding it is preparing to send out data leak notifications to all of them.
Targeting healthcare
The company confirmed the news via a statement shared with TechCrunch, noting its website and mobile applications used “certain online technologies”(tracking codes) that may have transmitted personal information to third-party vendors, thought to include Google, Microsoft, and X.
Kaiser filed a notice with the U.S. government, and notified California’s attorney general of what had happened.
Due to the sensitivity of the data they hold, healthcare organizations are a constant target for cybercriminals. Recently, Change Healthcare suffered a major ransomware attack in which the threat actors stole 4TB of valuable files. In exchange for keeping the data private and not sharing it on the dark web, the attackers demanded $22 million in cryptocurrency.
In late 2023, after a supply chain attack on ESO Solutions, sensitive data from a number of healthcare organizations in the US was stolen, and in March of the same year, both Zoll Medical and Independent Living Systems reported data breaches.
The Kaiser Foundation Health Plan is the parent organization of Kaiser Permanente, and claimed to have more than 12 million members last year.
More from TechRadar Pro
- ChatGPT plugin flaws could have allowed hackers to take over other accounts
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now