Kaiser Permanente Admits Malware Lived on Server For Years

California-based health care giant Kaiser Permanente recently announced that a server housing the protected health information of thousands of patients was found to have been infected with “malicious software” since October 2011, according to articles published by both The Health Data Management and E Security Planet websites. The articles indicate that the company division located in Northern California will now need to notify approximately 5,100 patients by mail that private health information was on an infected server found in February of this year.

The article states that the organization – which serves millions of individual patients – has “removed the server” and confirmed that “other servers were not affected and appropriately secured.” They also advised that the device was “used to store research data”, according to the reports. The infected server, according to the Health Data Management article, housed data which included “patient name, date of birth and gender, and also may have included address, race-ethnicity, medical record number, lab results associated with research, and patient responses to questions related to research studies in which they participated.”

A statement from the notification letter was quoted in the article saying, “We currently have no information that any unauthorized person accessed the information on the server. However, the malicious software broke down the server’s security barriers so we are investigating and responding with a very high level of caution and concern. We are very sorry that this happened.” According to additional information outlined in the article, Kaiser Permanente confirmed that “Social Security numbers and data from Kaiser’s electronic health record were not held on the server.” Since this breach affected over 500 individuals, it will be posted as a “major security breach” on the “HHS Office for Civil Rights’ website” and, as the article confirmed, will be the organization’s “fourth posting” in this category.

Read more about this breach in the full articles at both The Health Data Management and E Security Planet websites and learn more about how this organization plans to perform damage control for their clients.
