Data privacy and security have never been more important in a digital age where information flows freely. Despite warnings as recently as 2023 to enhance and bolster cybersecurity defenses, ransomware attacks continue, resulting in significant operational impact to all sectors of healthcare.
Recently, two major healthcare providers, Kaiser Permanente and City of Hope, found themselves in the spotlight regarding data privacy concerns. Let’s delve into what transpired and how these organizations responded.
Kaiser Permanente
Kaiser Permanente apologized to its vast network of 13.4 million members after discovering that certain search information may have inadvertently been shared with external platforms, including Google and social media sites. The company attributed this data transmission to previous online technologies installed on its websites and apps. While the shared information did not include sensitive details like names or financial information, it did encompass IP addresses, usernames, indications of account activity, and health-related search terms.
Upon identifying the issue, Kaiser Permanente promptly removed the problematic technologies from its online platforms and assured members that there had been no reported instances of personal information misuse. Nevertheless, the organization took proactive measures by informing all affected members, both current and former, about the incident. Additionally, they expressed regret for the oversight and outlined steps, guided by experts, to prevent similar incidents in the future.
City of Hope
In a parallel scenario, City of Hope, another healthcare provider, faced a data breach affecting its members. The breach, which took place between September 19 and October 12, 2023, involved unauthorized access to a large amount of member information, ranging from email addresses to sensitive data like Social Security numbers and medical records.
City of Hope responded swiftly upon discovering the breach, implementing mitigation measures and bolstering security protocols with the assistance of cybersecurity experts. Furthermore, they extended a gesture of goodwill to affected members by offering two years of free identity monitoring services. In tandem with this, they promptly notified relevant authorities, including law enforcement and regulatory bodies, and launched an internal investigation into the incident to ascertain its scope and impact.
Cybersecurity is an urgent issue in healthcare, but the risk is growing exponentially and it’s poised to keep rising with no signs of stopping. Consequently, the expansive landscape of healthcare creates additional vulnerabilities where data attackers can outpace your organization, disrupting patient care. What steps is your organization taking to prepare?