On April 5th, Kaiser Permanente discovered and, within an hour, terminated an unauthorized parties’ breach into an employee’s emails from the Kaiser Foundation Health Plan of Washington. Access to these emails exposed the names, dates of service, medical record numbers, and laboratory test result information.
Kaiser has so far not found any indication that the breach exposed the protected health information (PHI) of their clients yet could not rule out the possibility.
In addition to the breach in the Kaiser Foundation Health Plan of Washington, the Virginia Mason Medical Center (VMMC) faced its second data breach since December 2021.
This most recent incident potentially exposed the PHI of 1,523 patients including their names, phone numbers, Social Security numbers, health insurance numbers, email addresses, COVID-19 screening and surveillance, and presence on a COVID-19 vaccine waiting list.
The VMCC experienced a second data breach which took place on March 22 and affected 3,000 patients. The unauthorized party accessed staff emails using a phishing attack, a tactic where the attacker will attempt send malware masquerading as an email from a trusted individual.
VMMC said it implemented blocks to the phishing domain and provided further employee education.