Need help? Chat now!

Hostwinds Blog

Search results for:


Kaiser Permanente Admits Malware Lived on Server For Years Featured Image

Kaiser Permanente Admits Malware Lived on Server For Years

by: Bryon Turcotte  /  April 10, 2014


California-based health care giant Kaiser Permanente recently announced that a server housing the protected health information of thousands of patients was found to have been infected with "malicious software" since October 2011, according to articles published by both The Health Data Management and E-Security Planet websites. The articles indicate that the company division in Northern California will now need to notify approximately 5,100 patients by mail that private health information was on an infected server found in February of this year.

The article states that the organization – which serves millions of individual patients – has "removed the server_" and confirmed that "_other servers were not affected and appropriately secured." They also advised that the device was "_used to store research data_, "according to the reports. The infected server, according to the Health Data Management article, housed data which included "_patient name, date of birth and gender, and also may have included address, race-ethnicity, medical record number, lab results associated with research, and patient responses to questions related to research studies in which they participated._."

A statement from the notification letter was quoted in the article saying, "_We currently have no information that any unauthorized person accessed the information on the server. However, the malicious software broke down the server's security barriers, so we investigate and respond with a very high level of caution and concern. We are very sorry that this happened." According to additional information outlined in the article, Kaiser Permanente confirmed that "Social Security numbers and data from Kaiser's electronic health record were not held on the server._" Since this breach affected over 500 individuals, it will be posted as a "_major security breach_" on the "HHS Office for Civil Rights' website" and, as the article confirmed, will be the organization's "_fourth posting_" in this category.

Read more about this breach in the full articles at both The Health Data Management and E-Security Planet websites and learn more about how this organization plans to perform damage control for its clients.

Written by Bryon Turcotte  /  April 10, 2014