May 15, 2024

Over 13 Million Impacted by Kaiser Permanente Data Breach

Morgan and Morgan is not currently signing up new cases related to this incident. If you have received a data breach notification from Kaiser Permanente, please click here for guidance on how to proceed and protect your information.


On April 12, 2024, U.S. health conglomerate Kaiser Foundation Health Plan, Inc. (Kaiser) filed with the U.S. Department of Health and Human Services (HHS), reporting that 13.4 million of its members' information was taken in a data breach. The healthcare company confirmed the data breach occurred due to unauthorized access on its network servers after the company shared its patients' information with third-party advertisers, including Google, Microsoft, and X.

After an investigation, Kaiser discovered that the data breach occurred due to certain online technologies that were previously installed on its websites and mobile applications that may have transmitted personal information to its third-party vendors. According to the company, the technology allowed them to share the members' names and IP addresses with advertisers, as well as information that could indicate if members were signed into a Kaiser Permanente account or service and how the members used its websites or apps. 

Kaiser is just the latest healthcare company to share patients' personal information with third-party advertisers via an online tracking code. In recent years, many companies have begun embedding codes on their web pages and mobile apps to collect information about users' online activity for analytics. However, one primary concern some have with the Kaiser breach is the invasion of privacy, as customers were tracked not only on their navigation but also on any search terms used in the health encyclopedia.

According to the company, the information accessed during the breach by unauthorized third parties was limited to customers' IP addresses and individual names. Kaiser does not suspect that any usernames, passwords, Social Security numbers, financial account information, or credit card numbers were included in the transmission to the third parties.

Since the announcement of the breach, Kaiser said it removed the tracking code from its websites and mobile apps and is currently unaware of any misuse of any member's or patient's personal information. According to Kaiser spokesperson Diana Yee, the healthcare organization will begin notifying the 13.4 million affected current and former members and patients who accessed its websites and mobile apps starting in May. 

This isn't the first time Kaiser has been hit with a data breach. In April 2022, the healthcare company was impacted by a breach where an unauthorized party gained access to an employee's emails, which contained the protected health information of thousands of patients. According to a breach filing with the U.S. Department of Health and Human Services Office for Civil Rights, the data exposed during the breach included the first and last names, medical record numbers, dates of service and laboratory test result information of 69,589 people. 


How You Can Protect Yourself After a Data Breach

After a data breach, you and your loved ones need to take action to secure your personal information from those who wish to cause you harm. To help keep track of your data and ensure no fraudulent activity is taking place, certain credit unions like Equifax, Experian, and TransUnion offer free yearly credit checks. For more frequent credit monitoring, Credit Karma offers its customers free daily access to their credit reports, suspicious activity alerts, and other financial protective services.

If you discover activity on your accounts, contact the Federal Trade Commission, your state's Attorney General's office, or law enforcement to report the incident. The Fair Credit Reporting Act gives those who are victims of fraud the right to be informed that the information in their credit file has been used against them. For more information about data breaches and how you can protect yourself, click here or head to the FTC's website at

As one of the largest healthcare organizations in the United States, Kaiser Foundation Health Plan, Inc., is the parent organization of several entities that comprise Kaiser Permanente. As of 2023, the healthcare company provides health insurance plans to roughly 12.5 million members and reported an operating revenue of $100.8 billion. Currently, the Kaiser breach is listed on the Department of Health and Human Services website as the largest confirmed health-related data breach of 2024.

After your information was unlawfully accessed due to a data breach, speaking to an attorney can help you understand your legal options. If you believe your information was affected by the Kaiser Permanente data breach, we may be able to help you. For more information, contact a Morgan & Morgan data breach attorney today.