Kaiser Permanente discovered Aug. 19 that an employee’s email account had been accessed by an unknown and unauthorized third party. Immediately, the healthcare provider took action to disable the hacker’s access to the email account.
Patient data that may have been exposed included names, dates of service, dates of birth, gender, provider names, provider comments, payer names, diagnoses, medical history, benefit information, insurance coverage status and treatment information.
Kaiser Permanente said there is no evidence that any patient information was viewed, used or copied. Additionally, the provider said it is unaware that any of the information has been misused.
“Kaiser Permanente is taking steps to prevent this type of error from occurring in the future,” a statement from the provider said. “Upon learning of this issue, we changed the password to the provider’s email account and have undertaken additional measures to further strengthen Kaiser Permanente’s email security controls.”
More articles on cybersecurity:
Why ransomware attacks against hospitals can be more severe than other businesses
Indiana hospital alerts 9,100 patients of data breach
FDA warns patients, providers of ‘urgent’ software vulnerabilities
