Kaiser Permanente recently disclosed that the medical records of almost 70,000 patients may have been compromised in a data breach.

About the attack

Just over two months ago, attackers infiltrated Kaiser Permanente by gaining access to the email account of a Washington-based employee. The attacker had access to the account for “several hours,” during which time they could potentially have viewed any “protected health information” available to that employee. Once Kaiser detected the unauthorized activity, it immediately blocked access to the account and launched an investigation into the breach.

What the attack means for Kaiser and its members

Currently, the attack is being investigated by the U.S. Department of Health and Human Services Office for Civil Rights. So far, there is no indication that any “identity theft or misuse of protected health information” has taken place. While these findings are encouraging, some cybersecurity experts are concerned that Kaiser cannot say precisely which information the attackers accessed.

Chris Clements, vice president of solutions architecture at cybersecurity company Cerberus Sentinel, recently shared his thoughts on the breach:

“It demonstrates the need for organizations to have robust auditing controls to quickly identify what data was accessed by attackers during an incident.”

Clements also said that Kaiser should have informed potentially affected customers about the attack sooner than two months after it took place, so that they could take measures to protect themselves:

“During this time, the affected individuals could have been targeted by attackers using any specific information stolen in convincing social engineering campaigns… It’s critical that as a part of their larger cybersecurity culture organizations include assessing their ability to quickly understand the scope of a potential breach in risk analysis or tabletop exercises.”

According to the FBI’s latest figures, business email compromise attacks like this one have been on the rise in recent years, with organizations spending over $40 billion on response efforts since 2016.