The California Office of the Attorney General reported a data breach involving Kaiser Permanente on September 26, 2019. The breach occurred on August 12, 2019, when a provider’s email account containing protected health information was compromised for approximately thirteen hours. The types of information potentially exposed included names, medical record numbers, and various health-related details, but Social Security numbers and financial information were not involved.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-150863
TPRM report: https://www.rankiteo.com/company/kaiser-permanente
"id": "kai228072525",
"linkid": "kaiser-permanente",
"type": "Breach",
"date": "8/2019",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'California',
'name': 'Kaiser Permanente',
'type': 'Healthcare Provider'}],
'attack_vector': 'Email Compromise',
'data_breach': {'personally_identifiable_information': ['names',
'medical record '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['names',
'medical record numbers',
'health-related details']},
'date_detected': '2019-08-12',
'date_publicly_disclosed': '2019-09-26',
'description': "A data breach involving Kaiser Permanente where a provider's "
'email account containing protected health information was '
'compromised for approximately thirteen hours.',
'impact': {'data_compromised': ['names',
'medical record numbers',
'health-related details']},
'initial_access_broker': {'entry_point': 'Email Compromise'},
'references': [{'date_accessed': '2019-09-26',
'source': 'California Office of the Attorney General'}],
'title': 'Kaiser Permanente Data Breach',
'type': 'Data Breach'}