Kaiser Permanente, Arizona hospital hit with cybersecurity breaches

Dive Brief:

• Kaiser Permanente and Arizona-based hospital Yuma Regional Medical Center both disclosed cyberattacks in June which exposed the data of about 770,000 combined patients in April, continuing a dizzying flurry of healthcare data breaches this year.
• The Yuma cyberattack compromised patient information including social security numbers and medical information of about 700,000 patients and the Kaiser Permanente breach potentially exposed medical information including full names and lab results of almost 70,000 patients.
• The two cybersecurity incidents follow this year’s biggest healthcare cyberattack in March that compromised the data of roughly 2 million patients in facilities associated with New England-based Shields Health Care Group. 

Dive Insight:

Patients of Kaiser Foundation Health Plan of Washington were notified in June that an unauthorized party had gained access to an employee’s emails on April 5 where patient data including first and last names, dates of service, laboratory test information and medical record numbers were potentially exposed, according to a statement Kaiser Permanente sent to patients.

Although sensitive emails were exposed, the health conglomerate said it had “no indication” that the patient information was necessarily accessed by the party and email access was reset and terminated within hours.

Between April 21 and April 25, ransomware breached internal hospital systems and gained access to patient data at Yuma Regional Medical Center. Although the health system said it took immediate action upon detection by communicating with law enforcement and hiring a third-party forensic firm, a subset of files containing patient information was removed during the incident and exposed, according to the hospital, including names and social security numbers. The system offered affected patients free credit monitoring and identity theft protection services in response to the incident, according to a system notice.

The breaches are the latest in a trend following several large healthcare breaches in the past year including health system Tenet, which experienced a cybersecurity incident in April that briefly disrupted operations, and Florida-based North Broward Hospital District, which experienced a breach in October 2021 that impacted 1.3 million patients.

Nine healthcare cybersecurity incidents have been recorded so far in June alone, according to the HHS Office for Civil Rights portal, which posts a list of healthcare breaches affecting 500 patients or more.

In 2021, a record 45 million patients were impacted by healthcare cybersecurity breaches, according to cybersecurity firm Critical Insights, more than triple the amount of patients effected by data breaches in 2018.

Comments are closed.