Recently, Kaiser, a U.S. health conglomerate, announced that it suffered a data breach involving the personal information of 13.4 million of its members. The notice filed with the U.S. government on April 12 revealed that there was “unauthorized access/disclosure” involving a network server, but no further details were provided about the nature of the breach.
Organizations in the U.S. that fall under the health privacy law HIPAA are legally required to report data breaches involving protected health information to the U.S. Department of Health and Human Services (DHHS). Kaiser also notified California’s attorney general about the breach but did not provide any additional information. Kaiser Foundation Health Plan, the parent organization of various entities within Kaiser Permanente, reported having 12.5 million members at the end of 2024, and this breach has been identified as the largest health-related data breach to date on DHHS’ website.
However, it remains uncertain whether this breach is connected to another major data breach at UnitedHealth Group’s subsidiary Change Healthcare, which was victimized by a ransomware attack in February and had sensitive health information stolen from a “substantial proportion of people in America.”