Based on the investigation to this point, it appears that sensitive health information belonging to more than 69,000 individuals was exposed. For context, Kaiser Permanente provides a wide range of health care services to more than 12.5 million customers spanning eight states, plus the District of Columbia. While it's true that a breach of any size is a bad thing, this one only impacted a tiny slice of the company's patient base.
Kaiser's breach notification reads in part as follows:
"This notice describes a security incident that may have impacted the protected health information of some Kaiser Permanente patients who may have been affected by an unauthorized access incident on April 5, 2022.
The specifics of the unauthorized access were provided to individuals affected in a letter sent by Kaiser Permanente on June 3, 2022.
Sensitive info exposed in the attack includes:
If there's a silver lining to be found here, it lies in the fact that Kaiser's notification stressed that no Social Security or credit card numbers were exposed.
While this event will no doubt damage trust, the data that was stolen is not likely to be sufficient to allow the attackers to steal your identity. If you are one of the impacted customers, then you should have already received a notification from the company.
We wish we could say that this will be the last data breach of the year but sadly, that's not going to be the case. Stay tuned for the next, and guard your personal data closely!