Kaiser Permanente patients’ information exposed after breach

https://portswigger.net/daily-swig/kaiser-permanente-data-breach-exposed-healthcare-records-of-70-000-patients

Exploit: Credential Compromise
Kaiser Permanente: Healthcare Provider

Risk to Business: 2.176 = Severe

A data breach at healthcare and insurance giant Kaiser Permanente has exposed the personal information and health data of patients in the state of Washington. The company says that an unauthorized party gained access to its systems through a compromised employee email account in April 2022. The U.S. Department of Health and Human Services Office for Civil Rights reports that 69,589 records were potentially exposed as a result of the email security slip-up at Kaiser’s Washington unit.

Individual Risk: 2.278 = Severe

Exposed data held by the health plan provider includes patients’ first and last names, medical record numbers, dates of service, and laboratory test result information.

How It Could Affect Your Customers’ Business: This will be an expensive employee mistake (and training failure) once regulators get finished with penalties for this incident.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.