The security breach only affected patients of Kaiser Foundation Health Plan (KFHP) in Washington. As a result, sensitive information was exposed, such as patients’ names, medical records, service times, dates, and laboratory results. According to the company, Social Security Numbers (SSN) and credit card details were not compromised. Within hours, Kaiser Permanente revoked the attacker’s access to the email account and initiated an investigation to determine the incident’s impact. “After discovering the event, we quickly took steps to terminate the unauthorized party’s access to the employee’s emails. This included resetting the employee’s password for the email account where unauthorized activity was detected. The employee received additional training on safe email practices, and we are exploring other steps we can take to ensure incidents like this do not happen in the future,” stated Kaiser Permanente. The health care provider did not find evidence that the PHI saved in the hacked email account was taken or misused after the incident, but this possibility cannot be ruled out completely. While Kaiser Permanente did not specify the exact number of patients affected in its breach report, information filed with the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) indicates that 69,589 people had their PHI exposed as a result of the incident.

https://www.bleepingcomputer.com/news/security/kaiser-permanente-data-breach-exposes-health-data-of-69k-people/