13.4M Kaiser Insurance Members Affected by Data Leak to Online Advertisers

  /     /     /  
Publicated : 23/11/2024   Category : security


13.4M Kaiser Insurance Members Affected by Data Leak to Online Advertisers


Tracking code used for keeping tabs on how members navigated through the healthcare giants online and mobile sites was oversharing a concerning amount of information.



Hard on the heels of a
significant data theft at UnitedHealth
, fellow healthcare behemoth Kaiser Permanente publicly announced a data breach affecting 13.4 million current and former insurance members.
Kaisers systems inadvertently shared patient data with third-party advertisers, including Google, Microsoft, and social platform X, the
company said
, thanks to the presence of improperly implemented tracking code that Kaiser used to see how its members navigated through its Web and mobile sites.
Certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors, the company said in a
media statement
.
The shared data included names, IP addresses, what pages people visited, whether they were actively signed in, and even the search terms they used when visiting the companys online health encyclopedia.
Kaiser has reportedly removed the tracking code from its sites, and while the incident wasnt a hacking event, the breach is still concerning from a security perspective, according to Narayana Pappu, CEO at Zendata.
The presence of third-party trackers belonging to advertisers, and the oversharing of customer information with these trackers, is a pervasive problem in both health tech and government space, he explains. Once shared, advertisers have used this information to target ads at users for complementary products (based on health data); this has happened multiple times in the past few years, including at Goodrx. Although this does not fit the traditional definition of a data breach, it essentially results in the same outcome — an entity and the use case the data was not intended for has access to it. There is usually no monitoring/auditing process to identify and prevent the issue.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
13.4M Kaiser Insurance Members Affected by Data Leak to Online Advertisers