by Anne-Marie Sullivan

Was Kaiser Permanente’s email data breach avoidable?

Healthcare data breaches caused by email are preventable

Don’t let your healthcare organization be the next data breach headline. Kaiser Permanente notified 69,589 members this week that there was a data breach at the Kaiser Foundation Health Plan of Washington. An unauthorized party accessed an employee’s email account on April 5, according to a notice posted on the Kaiser Permanente website.

Data breaches are preventable. It is a fact that highly personal, sensitive, and confidential patient information needs to remain private. By implementing HIPAA compliant and secure inbound and outbound email solutions, healthcare organizations can avoid fines, downtime, recovery, lawsuits, and costs of lost business. Find out what happened to Kaiser Permanente and how your healthcare group can avoid being the next headline because of weak email security.

Kaiser Permanente immediately terminated access, and an investigation began as soon as the breach was discovered. The letter states that the attacker accessed their system illegally. After several hours of illegal access, Kaiser stopped the activity. The organization could not rule out the possibility that the unauthorized party accessed the PHI contained in the emails, although there were no indications that this had occurred.

Names, dates of service, medical record numbers, and results of laboratory tests were included in the emails.

How Paubox Email Suite prevents data breaches like Kaiser Permanente’s recent disaster

  • Use Paubox Email Suite to ensure that all outbound email from your organization is HIPAA compliant and HITRUST CSF certified.
  • Paubox patented technology encrypts every email sent from your server, eliminating the risk of user error and accidentally violating HIPAA compliance. 
  • Use Paubox Premium Email Suite’s patented and patent-pending features to stop inbound attacks from phishing, ransomware, identity spoofing, malware, and other threats from bad actors who are purposefully going after healthcare. 

“After discovering the event, we quickly took steps to terminate the unauthorized party’s access to the employee’s emails,” the notice emphasized.

“This included resetting the employee’s password for the email account where unauthorized activity was detected. In addition, the employee received additional training on safe email practices. As such, we are exploring other steps we can take to ensure incidents like this do not happen in the future.”

Recovering from data breaches caused by weak email security is costly and impacts thousands

Kaiser Permanente began notifying impacted patients by mail on June 3 and reports exploring additional options to prevent future incidents. At present, all affected patients appear to live in Washington State. As part of Kaiser’s steps to remedy damages, a year’s worth of free credit monitoring services is available to anyone affected.

Secure, HIPAA compliant email security solutions developed for healthcare to avoid data breaches

Healthcare organizations should reach out to Paubox and secure their inbound and outbound email to prevent data breach disasters. The Paubox solution is specifically for healthcare, and it continually evolves to meet healthcare customer needs. No other HIPAA compliant email solution covers the risks around HIPAA compliance and provides iron-clad security like Paubox.

Email security that is easy to implement

The solution is simple and elegant for healthcare IT, and the product implements within minutes out of the box. In addition, an API version is available that easily integrates into existing systems. End users don’t need training because it is easy to use, and no change in end-user behavior is necessary. The solution does not require portals, passcodes, or plugins. All the heavy lifting is behind the scenes, so it is a win-win for healthcare staff and healthcare IT.

Let Paubox be your ally in healthcare’s war against cybercrime. Get our free trial today, and avoid becoming the next healthcare organization to make headlines for a data breach.

Was Kaiser Permanente’s data breach caused by email avoidable? Likely, yes.

Contact the experts at Paubox to help with your secure HIPAA compliant email needs. Paubox solutions put the power and ease of email back into the hands of healthcare for better, safer, and HIPAA compliant patient and provider experiences.

HITRUST CSF certified
4.9/5.0 on the G2 Grid
Paubox sends millions of HIPAA certified and secure emails every month.

Try Paubox Email Suite Plus for FREE today.
