Kaiser, a U.S. health conglomerate, is notifying millions of current and former members about a data breach. The breach occurred after Kaiser shared patients’ information with third-party advertisers, including Google, Microsoft, and X (formerly Twitter). An investigation revealed that certain online technologies installed on Kaiser’s websites and mobile applications transmitted personal information to these vendors. The data shared includes member names, IP addresses, account/service activity, website/app interactions, and search terms. Kaiser has since removed the tracking code from its platforms. This incident follows a trend of healthcare organizations inadvertently sharing personal information with advertisers through online tracking code. Kaiser will notify approximately 13.4 million affected individuals starting in May. The breach has been reported to the U.S. Department of Health and Human Services and California’s attorney general. As of now, it is the largest confirmed health-related data breach of 2024.
