Published: August 02, 2024 on our newsletter Security Fraud News & Alerts Newsletter.
It resembles a data breach, but it doesn't perfectly fit into that bucket. Kaiser Permanente, a major U.S. healthcare provider, disclosed a security breach potentially affecting 13.4 million individuals. The breach in this case was more of a sharing incident with organizations like Google, Microsoft, and X for advertising purposes. However, they shared more information than they should have and subsequently reported it to the U.S. Department of Health and Human Services. This meant it involved some protected health information.
Essentially, there was a tracking code used in Kaiser’s website and mobile applications. It has since been removed, but not before names, IP addresses, information on members’ interactions, and healthcare search terms used in Kaiser’s encyclopedia were shared with the third-parties. Reportedly, however, what was not shared were usernames, passwords, Social Security Numbers, or financial data. That’s some good health news.
Kaiser Permanente is notifying affected individuals. Some of those affected may already have received that notification.
This is not the first time Kaiser has made the news due to a data breach. In June of 2022, the company experienced another breach affecting 69,000 people. In that case, health information was accessed via a compromised employee email account. Since phishing is still the top way cyberattacks succeed, it’s likely that was to blame then too.
What can you do, if you did get it or if you get a similar letter for any data breach? The process is the same. Watch out for targeted phishing attacks. Remember that they have enough information to make an email look legitimate. If you receive a link or attachment that you’re not expecting or cannot be sure is legitimate, don’t click on it. You should call Kaiser using information you have independently of any email message and verify it.
If you're offered credit monitoring service after a breach, take advantage of it. It's likely you've gotten such an offer before and you'll likely get more. If you can activate them such that you always have this coverage, it's a wise strategy. Keep in mind that they won't keep someone from trying to use your information to commit fraud. These services will notify you if someone tries, giving you time to react and potentially stop it.
Also, keep an eye on the benefits statements sent to you after you receive care. If they don’t look correct, contact your healthcare provider. Working together, you can continue to thrive.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com
Comments