Attackers gained access to private account details through an email compromise incident that occurred in April.
Kaiser Permanente suffered a data breach due to email compromise on April 5 that potentially exposed the medical records of nearly 70,000 patients, the company revealed earlier this month.
Attackers gained access to the emails of an employee at Kaiser Foundation Health Plan of Washington that contained “protected health information,” the company revealed in a letter to affected clients on June 3.
The attacker maintained unauthorized access for several hours, after which Kaiser terminated the activity “and promptly commenced an investigation to determine the scope of the incident,” according to the letter.
However, even Kaiser wasn’t completely sure if attackers gained access to personal health information of clients due to the breach, though the company acknowledged that it is “unable to completely rule out the possibility.”
So far, the company said it has no evidence of “identity theft or misuse of protected health information” as a result of the breach.
In addition to Kaiser’s own investigation, the U.S. Department of Health and Human Services Office for Civil Rights also is currently looking into the breach, according to a listing on its