Kaiser Permanente

Kaiser Foundation Health Plan of the Mid-Atlantic States notified 8,556 individuals of improper access to their health information.

In September 2022, Kaiser Permanente determined that an employee had inappropriately accessed medical records without a legitimate reason for doing so.

The employee viewed a variety of information, including names, medical record numbers, phone numbers, birth dates, addresses, medical information, and photographs.

Source: https://healthitsecurity.com/news/community-health-network-notifies-1.5m-of-data-breach-stemming-from-tracking-tech

TPRM report: https://scoringcyber.rankiteo.com/company/kaiser-permanente

"id": "kai184191222",
"linkid": "kaiser-permanente",
"type": "Data Leak",
"date": "09/2022",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': 8556,
                        'industry': 'Healthcare',
                        'location': 'Mid-Atlantic States',
                        'name': 'Kaiser Foundation Health Plan of the '
                                'Mid-Atlantic States',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Insider Threat',
 'data_breach': {'number_of_records_exposed': 8556,
                 'personally_identifiable_information': ['Names',
                                                         'Medical Record '
                                                         'Numbers',
                                                         'Phone Numbers',
                                                         'Birth Dates',
                                                         'Addresses',
                                                         'Photographs'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Medical Record Numbers',
                                              'Phone Numbers',
                                              'Birth Dates',
                                              'Addresses',
                                              'Medical Information',
                                              'Photographs']},
 'date_detected': 'September 2022',
 'description': 'Kaiser Foundation Health Plan of the Mid-Atlantic States '
                'notified 8,556 individuals of improper access to their health '
                'information. In September 2022, Kaiser Permanente determined '
                'that an employee had inappropriately accessed medical records '
                'without a legitimate reason for doing so. The employee viewed '
                'a variety of information, including names, medical record '
                'numbers, phone numbers, birth dates, addresses, medical '
                'information, and photographs.',
 'impact': {'data_compromised': ['Names',
                                 'Medical Record Numbers',
                                 'Phone Numbers',
                                 'Birth Dates',
                                 'Addresses',
                                 'Medical Information',
                                 'Photographs']},
 'motivation': 'Unauthorized Access',
 'threat_actor': 'Employee',
 'title': 'Improper Access to Health Information at Kaiser Foundation Health '
          'Plan of the Mid-Atlantic States',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Improper Access Controls'}

Kaiser Permanente

Microsoft

Young Consulting

IdeaLab