Kaiser Permanente is alerting a few of its associates of a website formation mistake that led to the revelation of a few of their safeguarded health information. Luckily, the mistake was swiftly known and ePHI was just revealed for about 2 hours.
On October 12, 2016, an upgrading to the site, Kp.org was carried out to increase loading speed of webpage; but, a misconfiguration led to revelation of some members’ ePHI to other site visitors and members. People impacted by the event had visited the kp.org site from 11.26 p.m. (PT) on October 12 to 01:46 a.m. (PT) on October 13.
The level of ePHI revealed is contingent on the webpages associates paid visits after registering in, even though the revealed information was restricted in nature and didn’t contain any highly confidential data like financial information or Social Security numbers.
Although data might have been seen by other members as well as site visitors, the quantity of people who might possibly have seen other people’s ePHI was restricted because of the scheduling of the website update as well as the swift detection of the mistake.
Nevertheless, as it’s likely that ePHI might have been accessed as well as used for evil intentions, Kaiser Permanente has warned affected members to verify their Explanation of Benefits reports carefully for any indication of fake activity. Impacted members have also been informed to get credit reports as well as place a fraud warning with one of the nationwide credit organizations, even though the danger of scam is thought to be negligible.
Kaiser Permanente has now carried out a revision of its website update procedures and processes. Upcoming website revisions will be subjected to more tests to avoid any future breaks of this kind.
The case has now been informed to the Division of Health and Human Services OCR as well as the office of the California attorney general. The OCR break report shows 8,020 people have been affected by the case.