Kaiser Permanente Data Breach
| Company | Kaiser Permanente |
|---|---|
| Breach Date | April 12, 2024 |
| Disclosure Date | April 25, 2024 |
| Records Affected | 13.4 million |
In April 2024, Kaiser Permanente disclosed that online tracking technologies on its websites and mobile apps had transmitted personal information of 13.4 million current and former members to third-party advertisers including Google, Microsoft, and X (Twitter).
What Happened
Kaiser Permanente discovered that tracking code embedded on its websites and mobile applications had been sharing user data with third-party advertisers without proper consent. The tracking technologies, including cookies and analytics pixels from Google, Microsoft Bing, and X (formerly Twitter), collected and transmitted member information when users interacted with Kaiser Permanente's digital properties. The organization reported the incident to the U.S. Department of Health and Human Services and subsequently removed the tracking technologies. This was not a traditional cyberattack but rather an inadvertent data sharing through widely used web tracking tools.
What Data Was Exposed
- Names
- IP addresses
- Website and app navigation activity
- Search terms used on Kaiser Permanente platforms
- Health-related information based on pages viewed
- Sign-in status information
Who Is Affected
Approximately 13.4 million current and former Kaiser Permanente members who used the organization's websites or mobile applications. Anyone who browsed Kaiser's digital properties while logged in or identifiable was potentially affected.
How to Check If You Were Affected
Kaiser Permanente sent notification letters to affected members. If you are or were a Kaiser Permanente member and used their website or mobile app, you were likely affected. Contact Kaiser Permanente member services or visit their website for more information about the incident.
What You Should Do Now
- Clear your browser cookies and cache
- Review and adjust privacy settings in your web browser
- Install a reputable ad blocker or tracker blocker extension
- Opt out of targeted advertising through Google, Microsoft, and X settings
- Review your Kaiser Permanente online account for any unauthorized activity
- Consider using a VPN when accessing healthcare websites
Last updated: February 10, 2026
Protect Yourself After a Data Breach
When your data is exposed in a breach, acting fast is critical. Here's how to lock down your identity:
- Get identity theft protection — monitors your credit, SSN, and dark web exposure 24/7
- Set up credit monitoring — catch unauthorized accounts before they damage your score
- Remove your personal info from data brokers — reduce your exposure to future attacks
- Run a free dark web scan — check if your email appears in known breaches