Data breach due to network error

November 21st, 2016 by admin Leave a reply »

Kaiser Permanente Health Plan, Inc based in Northern California, Kaiser Permanente Health Plan, Inc of Southern California, and Kaiser Foundation Health Plan of the Northwest recently suffered data breach. It is notifying affected individuals about the PHI breach. The incident may have resulted into PHI being online for approximately two hours.

As per the OCR data breach reporting tool, total 8,020 individuals were potentially affected by the three separately reported incidents.

California Office of the Attorney General’s website contains the post of data breach notification. It mentioned that the website error that caused the information to be exposed has since been fixed. Kaiser also said that it is reviewing its processes and procedures for testing website updates to help prevent any similar incident in the future.

“The error happened during an upgrade to that occurred at 11:26 p.m. Pacific time on October 12th, 2016. We took immediate action to repair the error, preventing any further exposure of member information after 1:43 a.m. Pacific time on October 13th, 2016. The upgrade changed how the website stored data to make loading website pages quicker. However, the upgrade mistakenly allowed confidential data viewed by members who signed in to to potentially be seen by other visitors.”

The statement on the website did not mention the details of breached information but mentioned that Social Security numbers and banking information were not included.

Facility advised affected individuals to follow below guidelines:

“We believe the risk to your information is limited because this was an accidental disclosure, the error was promptly detected and repaired. Even though we believe that the risk of any financial or health care related fraud is minimal, for your protection we urge you to carefully review any explanation of benefits letters you receive and contact us immediately at the number on the back of your card if you spot any suspicious activity. Additionally, you may want to contact one of the national credit reporting agencies to place a fraud alert in your file and to receive a free copy of your credit report. We are informed that the agency you contact will notify the other two agencies.”


Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Leave a Reply