Are you a Kaiser patient? Your personal and health data may be out there.


It may be high time you ask to remove some of the personal information your doctor has.

More than 13 million Kaiser Foundation Health Plan current and former subscribers’ personal data is now floating around somewhere on the internet, due to a newly reported breach. 

An April 25 report from TechCrunch said the breach was caused by online technologies on Kaiser's websites and mobile applications that "may have transmitted personal information to third-party vendors." Those third parties purportedly include Microsoft, Google, and X (formerly Twitter).

According to Kaiser, patients who used its websites and apps will be notified about the breach sometime in May. However, the tracking code that allowed that data to be shared has been removed from Kaiser’s apps and website.

Tracking code continues to be a problem for healthcare companies. Before Kaiser got hit, three other healthcare companies – Cerebral, Monument and Tempest – had pulled tracking code from their apps that shared patients’ personal and health information with advertisers.

What personal data was taken?

Healthcare data breaches continue to be a headache for consumers and a potential goldmine for hackers. According to a filing that Kaiser made to the U.S. government, the breach affected 13.4 million people, making it the largest so far this year, followed closely by the nearly 12 million datasets taken in the recent HCA Healthcare breach.

A group of state attorneys general weren’t too happy with United Healthcare when something similar happened earlier this year, so Kaiser should gird its loins to face the music, too, and get ready to take more meaningful action to better protect its patients.

But, in these situations, companies are sometimes hesitant to go on record as to what personal data points were exposed. Those, in Kaiser’s situation, could include:

  • Names

  • IP addresses

  • Membership status

  • Browsing history on Kaiser's website and apps

  • Search terms used on the health encyclopedia

The million-dollar question is what happens with this data going forward. Kaiser Permanente emphasized that no misuse of this data had been identified, yet.

Get your data back from your healthcare provider now

The Kaiser breach is a good time to remind readers that you are probably giving your physician or health provider way too much information about yourself.

There are compelling reasons why consumers should limit the amount of personal information collected and stored by their healthcare providers.

First, once your healthcare provider’s data is stolen, it’s nearly impossible to recover. Second, stolen information can be used for identity theft, medical fraud, and extortion attempts – all of which have the potential for severe financial and emotional harm.

And those harms can be great. Medical records may contain personal details, notes, or observations that are subjective or could be taken out of context. These could lead to misunderstandings or misinterpretations if made easily accessible.

Getting your unnecessary personal data back takes some effort, but you should discuss the information with your doctor. Have a conversation about what type of information is truly essential for your care, and request that only the minimum necessary data is stored.

Ask for copies of records and ask specific questions about things you think are non-essential. Those might include:

  • Subjective opinions and notes: A physician’s personal impressions that aren't directly tied to diagnoses or treatment plans (e.g., comments about your mannerisms or attitude). These provide limited medical value and can be open to misinterpretation.

  • Information from far in the past: If you had a health condition that has been taken care of and is no longer an issue, ask that it be removed, too. Along the same lines, if there are old addresses and phone numbers in your file, ask that they be removed, too.

  • Data collected by third parties: Go into your health-related apps (yes, even ones like pregnancy trackers) and look at the permissions you have turned on. You might be surprised at how much you’re giving them access to. 
