In a legally required notice filed with the U.S. government on April 12 and made public on Thursday, Kaiser Foundation Health Plan announced that 13.4 million of its members had their information compromised in a data breach that occurred earlier this month. The notice did not provide specific details about the nature of the breach, stating only that there was “unauthorized access/disclosure” involving a network server.
Organizations in the U.S. that fall under the health privacy law HIPAA are mandated to report data breaches involving protected health information to the U.S. Department of Health and Human Services (DHHS). Kaiser also informed California’s attorney general of the breach but did not offer any additional information. The Kaiser Foundation Health Plan, which is the parent organization of various entities within Kaiser Permanente, reported having 12.5 million members at the end of 2023. The breach at Kaiser has been identified on DHHS’s website as the largest health-related data breach of 2024 to date.
It remains uncertain whether the Kaiser breach is connected to the recovery efforts at U.S. health tech giant Change Healthcare, which was a victim of a ransomware attack in February