US medical conglomerate Kaiser is notifying millions of current and former members of a data breach after confirming it shared patient information with third-party advertisers, including Google, Microsoft and X (formerly Twitter).
In a statement shared with TechCrunch, Kaiser said its investigation revealed that “certain online technologies previously installed on websites and mobile applications may have transmitted personal information to third-party vendors.”
Kaiser said the data shared with advertisers includes members' names and IP addresses, as well as information indicating whether a member was signed in to a Kaiser Permanente account or service, how the member interacted with and navigated the website and mobile applications, and search terms used in the health encyclopedia.
Kaiser said it has since removed the tracking code from its website and mobile app.
Kaiser is the latest medical institution to acknowledge sharing patients' personal information with third-party advertisers through online tracking code, which is embedded in web pages and mobile apps and designed to collect information about users' online activity for analysis. Over the past year, telehealth startups Cerebral, Monument, and Tempest have pulled tracking code from their apps that shared patients' personal and health information with advertisers.
Kaiser spokeswoman Diana Yee said the organization will begin notifying the 13.4 million current and former members and patients who were affected through its website and mobile app. Notifications will begin in May in all markets where Kaiser Permanente operates, a spokesperson said.
The healthcare giant also filed a legally required notification with the U.S. government on April 12, but went public on Thursday confirming that 13.4 million residents' information had been compromised.
Organizations in the United States covered by the health privacy law known as HIPAA are required to notify the U.S. Department of Health and Human Services of data breaches involving protected health information, such as medical data and patient records. Kaiser also notified the California Attorney General of the data breach, but did not provide further details.
Kaiser Foundation Health Plan is the parent organization of the entities that make up Kaiser Permanente, one of the nation's largest health care organizations. Kaiser Foundation Health Plan provides health insurance plans to employers and reported 12.5 million enrollees at the end of 2023.
The data breach at Kaiser is listed on the Department of Health and Human Services' website as the largest health-related data breach of 2024 confirmed to date.