5,100 Patients of Kaiser Permanente Impacted due to Presence of Malware on its Server

Beckershospitalreview.com reported on 3rd April, 2014 stating that 'The Kaiser Permanente Northern California Division of Research' based in Oakland, California, US has started informing its patients that their personal and health data was hijacked due to infiltration of malware in its research server. According to the report, around 5,100 patients were impacted in the security breach.

Notably, Kaiser Permanente Northern California Division of Research conducts research to cover a wide range of topics which include epidemiologic and health service studies, clinical trials and program evaluations.

The malware busted the security barriers of the server in October 2011 but Kaiser came to know of the attack only on 12th February, 2014.

The server enclosed first and last names, DOB (dates of birth), genders, ages, addresses, medical record numbers, ethnicities and lab results of patients. Kaiser says that those patients had taken part in a research-study whose information was available on the server.

However, Kaiser confirmed that neither SSNs (Social Security numbers) nor electronic medical records of Kaiser Permanente were exposed during the unfortunate breach.

SCMagazine.com published a statement on 4th April, 2014 stating an elaboration by Tracy Lieu, Director of Research Division of Kaiser Permanente as "We have no evidence till date confirming that the data on the server was in reality opened, copied or used by any unlawful persons."

Databreachtoday.com published news on 4th April, 2014 quoting a Spokeswoman of Kaiser Permanente as saying "due to human error related to the configuration of the software, AV (anti-virus) software on the impacted server had not been upgraded. Hence, we have instantly removed the server after recognizing the infection and confirmed that the contagion was limited to this one hijacked server. Actually, the hijacked server was the only server of Research Division which did not have the appropriate updated AV software. However, we have taken corrective measures to update and fortify our protocols and electronic security actions to prevent a situation like this in future."

Moreover, this latest incident happens following a settlement between Kaiser Foundation Health Plan and the California Attorney General's office in February 2011 related to a breach in 2011 which compromised personal data of about 30,000 employees of the health plan.

» SPAMfighter News - 4/16/2014