Kaiser Permanente shared the data of 13.4 million people with Microsoft Bing, Google, and others.

Security

According to the American healthcare giant Kaiser Permanente, the data of millions of its patients may have been shared with Google, Microsoft Bing, X/Twitter, and other third-party entities. Kaiser informed The Register that they have commenced the process of notifying 13.4 million current and former members and patients about the potential transmission of personal information to third-party vendors through certain online technologies previously integrated into their websites and mobile applications. Subsequently, Kaiser has removed these technologies from its platforms and reassured that they have no knowledge of any misuse of personal information belonging to their members or patients.

Put differently, the situation likely arose from Kaiser Permanente incorporating user tracking and analytics tools provided by major tech companies and data brokers into its websites and applications. It is now becoming clear to Kaiser what specific information was being sent by this code when individuals interacted with their online platforms. Recently, Kaiser Permanente submitted a security disclosure PDF to the US Department of Health and Human Services regarding this specific issue.

The data shared with third parties reportedly includes individuals' IP addresses, names, indications of whether a member or patient was logged into a Kaiser Permanente account or service, details on how they interacted with the website and mobile apps, and the search terms used in the health encyclopedia. Kaiser clarified that no usernames, passwords, Social Security numbers, financial account details, or credit card numbers were disclosed to these third parties. Kaiser Permanente, a prominent healthcare and insurance organization in the US, boasts a membership of 12.5 million individuals spread across 10 states. With 40 hospitals, 618 medical offices, and a workforce comprising 24,600 physicians, 73,600 nurses, and 235,000 other employees, it stands as one of the largest entities in the healthcare industry.

The recent disclosure coincides with a study released earlier this month, which exposed the common practice of American hospitals utilizing tracking technologies on their websites. These technologies were found to share user data with major tech companies like Google and Meta, as well as data brokers and other third-party entities.