Cyber Incident Victim: Kaiser Permanente

On July 27, 2018, Kaiser Permanente’s Health Innovations website (healthinnovation.kp.org) was defaced by an individual or group using the alias "Dohaeragon," who replaced the site’s content with a message written in High Valyrian, a fictional language from the television series Game of Thrones. The defacement included a musical link to "Hear Me Roar" and credited "Team Faceless Men," listing members Polatbey, Morghon, SoloKing, Claronomes, and KingOfNoobs—all names referencing Game of Thrones lore. The attackers claimed no prior history on defacement tracking sites like Zone-H, though some aliases were linked to Turkish gaming profiles, including one individual identified as a 17-year-old male from Turkey. Kaiser Permanente responded within hours by relocating the site to a new IP address, and by July 29, redirected traffic from healthinnovation.kp.org to healthy.kaiserpermanente.org. Initial inquiries from DataBreaches.net regarding potential data exposure or security gaps went unanswered until July 31.

Kaiser Permanente confirmed the compromised site was externally hosted and unrelated to its core network, emphasizing it contained no protected health information (PHI) or member/patient data. The organization stated the breach did not provide access to kp.org or other internal systems, asserting no risk to data confidentiality. An internal investigation revealed the site had not undergone Kaiser’s standard security protocols or recent updates prior to the attack, leaving it vulnerable. The incident drew attention to risks associated with externally hosted subdomains bearing an organization’s branding, as public perception might conflate such sites with the primary domain’s security posture. Kaiser announced plans to collaborate with the third-party vendor to strengthen security measures for the site moving forward. No evidence suggested data theft or further system infiltration beyond the defacement itself.