Cyber Incident Victim: Kaiser Permanente

Date:

Oct 2011

Location:

United States of America

Summary

Malware was discovered on a Kaiser Permanente research server in Northern California, potentially exposing personal and health information of approximately 5,100 participants involved in research studies. The compromised data included names, addresses, birth dates, medical record numbers, lab results, and research responses. The organization took the affected server offline, confirmed other systems were secure, and notified impacted individuals as well as relevant authorities. While the malware had been present for an extended period, investigators found no evidence that unauthorized parties accessed or misused the stored information.

Description

Kaiser Permanente discovered malware on a research server operated by its Northern California Division of Research on February 12, 2014. The compromised server stored personal and health information of approximately 5,100 members residing primarily in California's Bay Area. Forensic analysis indicated the malware infection potentially originated as early as October 2011, exposing the server for nearly two and a half years. The affected data included first and last names, physical addresses, dates of birth, ages, genders, racial and ethnic identifiers, medical record numbers, laboratory test results tied to research activities, and responses to research questionnaires. This information pertained exclusively to individuals participating in Kaiser's research studies, with no evidence suggesting broader patient populations or operational systems were involved. Kaiser emphasized the server's isolation from other network infrastructure during the exposure period.

Upon identifying the malware, Kaiser immediately decommissioned the affected server and conducted comprehensive security reviews of all connected systems. The organization confirmed no other servers were compromised and implemented additional protective measures across its infrastructure. Notifications were issued to all 5,100 impacted members following forensic analysis, detailing the specific categories of exposed information. Kaiser concurrently reported the incident to relevant state and federal regulatory authorities, including California's Office of the Attorney General, which published an official summary on April 3, 2014. Internal investigators found no indication that unauthorized parties accessed, copied, or utilized the exposed research data during the infection period. The breach investigation concluded without evidence of identity theft or fraudulent activity stemming from the incident, though Kaiser maintained standard credit monitoring offers for affected individuals as a precautionary measure.
