Kaiser Permanente notifying health insurance customers of data breach

Millions of people had their data accessed after patient information was shared with advertisers

US health insurance giant Kaiser is notifying millions of customers – both current and former – that it experienced a data breach when it shared patient information with third-party advertisers such as Microsoft, Google, and X (formerly known as Twitter).

Members and former members will learn the results of an investigation

Kaiser has stated that it conducted an investigation that determined that “certain online technologies” that already existed on both the conglomerate’s websites and mobile applications “may have transmitted personal information to third-party vendors.”

According to the health insurance company, the data that became accessible to advertisers included the names and IP addresses of some of its current and former members, in addition to certain pieces of information that would identify the users as members signed into a Kaiser Permanente account or service. Other data accessible to advertisers included how members “interacted with and navigated through the website and mobile applications, and search terms used in the health encyclopedia.”

The health insurance site and app tracking code has been removed

According to Kaiser, when it learned that the information was being shared and when it identified the source, it removed the tracking code from its website as well as its app.

Kaiser is far from the first healthcare industry organization to have discovered and confirmed that its patient data had been shared with third-party advertisers because of tracking codes embedded on websites and mobile apps.

These tracking codes are designed to collect online activity data about users for analytics purposes. That said, in many cases, the trackers have been sharing far more information about users than which pages they visited on a site.

Monument, Cerebral and Tempest are other healthcare organizations that have made similar discoveries and announcements, and that’s only within the last year. Those companies also removed tracking codes from their online properties when they were found to have shared patient personal and health data with advertisers.

The notification process

Diana Yee, a spokesperson for Kaiser, explained that the organization is beginning the notification process for the 13.4 million current and former members who were affected by this breach through accessing the websites and apps. The notifications will begin this month in all markets in which Kaiser Permanente has a presence.
