Kaiser Permanente Acknowledges Three-Year Data Breach


The Kaiser Permanente Northern California Division of Research recently began notifying approximately 5,100 Kaiser Permanente members who had participated in research studies that malware found on a server on February 12, 2014 may have compromised their personal information (h/t SC Magazine).

The server was used by the Division of Research to store research data, and held the affected members' names, birthdates, ages and genders. It may also have included addresses, races/ethnicities, medical record numbers, lab results associated with research, and responses provided to research-related questions.

"We currently have no information that any unauthorized person accessed the information on the server," Division of Research director Tracy Lieu wrote in the notification letter [PDF]. "However, the malicious software broke down the server's security barriers so we are investigating and responding with a very high level of caution and concern."

The malware appears to have first infected the server in October of 2011.

"Once this incident was recognized, we immediately removed the server and confirmed that our other servers were unaffected and appropriately protected," Lieu wrote. "We have alerted the appropriate state and federal authorities, and we are continuing to take appropriate steps to reduce the chance of future incidents like this."

Kaiser members with questions are advised to contact (877) 811-0019.