Was Kaiser Permanente hacked?

Yes. The Kaiser Permanente breach occurred on April 12, 2024, affecting 13.4 million records.

What data was exposed in the Kaiser Permanente breach?

Kaiser Permanente disclosed that 13.4 million members had data shared with third-party advertisers via tracking technologies.

What should I do if I was affected by the Kaiser Permanente data breach?

Check if your data was exposed using our free tool, change your passwords, enable two-factor authentication, and monitor your accounts for suspicious activity.

Kaiser Permanente Data Breach

Medium Severity 13.4 million records affected Published February 10, 2026

Company	Kaiser Permanente
Breach Date	April 12, 2024
Disclosure Date	April 25, 2024
Records Affected	13.4 million

In April 2024, Kaiser Permanente disclosed that online tracking technologies on its websites and mobile apps had transmitted personal information of 13.4 million current and former members to third-party advertisers including Google, Microsoft, and X (Twitter).

What Happened

Kaiser Permanente discovered that tracking code embedded on its websites and mobile applications had been sharing user data with third-party advertisers without proper consent. The tracking technologies, including cookies and analytics pixels from Google, Microsoft Bing, and X (formerly Twitter), collected and transmitted member information when users interacted with Kaiser Permanente's digital properties. The organization reported the incident to the U.S. Department of Health and Human Services and subsequently removed the tracking technologies. This was not a traditional cyberattack but rather an inadvertent data sharing through widely used web tracking tools.

What Data Was Exposed

Names
IP addresses
Website and app navigation activity
Search terms used on Kaiser Permanente platforms
Health-related information based on pages viewed
Sign-in status information

Who Is Affected

Approximately 13.4 million current and former Kaiser Permanente members who used the organization's websites or mobile applications. Anyone who browsed Kaiser's digital properties while logged in or identifiable was potentially affected.

How to Check If You Were Affected

Kaiser Permanente sent notification letters to affected members. If you are or were a Kaiser Permanente member and used their website or mobile app, you were likely affected. Contact Kaiser Permanente member services or visit their website for more information about the incident.

What You Should Do Now

Clear your browser cookies and cache
Review and adjust privacy settings in your web browser
Install a reputable ad blocker or tracker blocker extension
Opt out of targeted advertising through Google, Microsoft, and X settings
Review your Kaiser Permanente online account for any unauthorized activity
Consider using a VPN when accessing healthcare websites

Last updated: February 10, 2026