Kaiser Permanente said trackers previously installed on its websites and mobile applications “may have transmitted personal information to third-party vendors Google, Microsoft Bing, and X (Twitter) when members and patients accessed its websites or mobile applications.”
In a statement sent to SecurityWeek, Kaiser Permanente said the exposed information may have included names, IP addresses, and terms users searched for in the health encyclopedia.
“Information that could indicate a member or patient was signed into a Kaiser Permanente account or service, information showing how a member or patient interacted with and navigated through the website and mobile applications” was also compromised, the company said.
While the healthcare giant says it is not aware of the leaked data being misused, information collected by trackers is routinely sold through advertisers, data brokers, and marketers, and the fact that legitimate companies were the recipients of the data is “a small consolation from a data privacy perspective”, Swimlane security automation architect Nick Tausek pointed out in an emailed comment.