Kaiser Permanente Data Breach Investigation

The Lyon Firm is investigating a data breach incident at Kaiser Permanente after the health conglomerate sent notice of a data security event to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights. The breach cause was listed on the site as an “Unauthorized Access/Disclosure,” after Kaiser allegedly shared the personal data of millions with big-tech advertisers.

What Happened at Kaiser Permanente?

After a legally required notice was filed with the U.S. government on April 12, Kaiser has begun notifying 13,400,000 current and former members after confirming it shared its patients’ sensitive information with third-party advertisers, including Google, Microsoft and X. HIPAA requires American companies to notify the U.S. Department of Health and Human Services about any data breaches involving protected health information. Kaiser also notified California’s attorney general.

The Kaiser Foundation Health Plan confirmed that millions of consumers had their information taken in a data breach incident. In an official company statement, Kaiser said an investigation determined that the data leak occurred because “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.”

Kaiser said the company shared data with advertisers that included member names and IP addresses, as well as information that tracked members and watched how they “interacted with and navigated through the website and mobile applications, and search terms used in the health encyclopedia.”

Healthcare data breach events are anything but rare these days. There are daily notices of data privacy violations and Kaiser is simply the latest healthcare organization to confirm a breach. Many other health entities have been sued for sharing patients’ personal information with third-party advertisers. Many have embedded pixels and tracking code on their web pages and mobile apps to collect information about users’ online activity.

Along with the Change/United Healthcare breach, the Kaiser Permanente breach is one of the largest confirmed health-related data breaches thus far in 2024.

More About Kaiser Permanente

Operating out of Oakland, California, Kaiser Permanente is an integrated managed care company that runs the Kaiser Foundation Health Plan, Inc. (KFHP), Kaiser Foundation Hospitals, and regional Permanente Medical Groups. The conglomerate operates 39 hospitals and more than 700 medical offices in eight states. It is the largest managed care organization in the United States.

Contact our data breach lawyers if you are a Kaiser Permanente member and have been contacted by the firm regarding the data sharing announcement. We believe very strongly in your right to privacy, and our attorneys are ready to take legal action when a company has negligent IT security or intentionally shares or sells your personal data to third parties without your consent. We have filed class action data sharing lawsuits on behalf of plaintiffs nationwide.