Kaiser Permanente, California’s biggest hospital system has disclosed a data breach in one of its subsidiaries that put the sensitive medical data of almost 70,000 patients at risk.
In a letter sent to patients on June 3, the healthcare provider termed the breach as a “security incident” that occurred on April 5 and involved unauthorized access to an employee’s emails.
The leaked data included the first and last names of patients’, medical record numbers, dates of service, and laboratory test result information, the disclosure letter states. Sensitive data such as Social Security numbers and credit card numbers were not leaked in the data breach.
After discovering that a hacker secured access to employees’ emails, Kaiser Permanente terminated the access within hours and launched an internal investigation to identify the scope of the data breach. Although there was no sign that the unauthorized party accessed the protected health information (PHI) contained in the emails, the healthcare firm could not rule out the possibility.
Furthermore, the healthcare provider has taken multiple steps to boost the security which includes resetting the employee’s password for the email account where unauthorized activity was detected and additional training on safe email practices.
“The breach occurred almost three months ago, yet Kaiser Permanente has only recently notified potentially impacted people that their data may have been compromised. During this time, the affected individuals could have been targeted by attackers using any specific information stolen in convincing social engineering campaigns. It’s critical that as a part of their larger cybersecurity culture, organizations include assessing their ability to quickly understand the scope of a potential breach in risk analysis or tabletop exercises,” stated Chris Clements, Vice President of Solutions Architecture at cybersecurity firm Cerberus Sentinel.
Security tips to counter data breach
The data breach took place nearly three months ago, but the healthcare firm just recently alerted potentially affected individuals that their private data may have been exposed. During the three-month period, the hackers may have exploited data to secure access to other restricted systems and also used it to access financial data such as credit card information, software codes, or online banking passwords.
As data breach attacks are becoming more common, it is critical to understand how to mitigate the risks. Here are some easy tips to shield your data from the threat of a security breach.
• Change and Secure Your Passwords
• Update data security features
• Use Access Controls
• Safeguard physical data
• Encrypt data
• Protect portable devices
