Computer Virus At Heart Of Kaiser Data Breach

Erin McCann | Government HealthIT | April 7, 2014

Some 5,100 patients treated at Kaiser Permanente were sent HIPAA breach notification letters Friday after a KP research computer was found to have been infected with malicious software. Officials say the computer was infected with the malware for more than two and a half years before being discovered Feb. 12.

The computer was used by the Kaiser Permanente Northern California Division of Research to store research data. The breach, officials note, involved patients participating in specific research studies and may have compromised their names, birth dates, medical record numbers, lab results associated with research, addresses and additional medical research data.

"We have confirmed that the infection was limited to this one compromised server, and that all other DOR servers were and are appropriately protected with anti-virus security measures," said Tracy Lieu, MD, director of the division of research at Kaiser Permanente, in an emailed statement to Healthcare IT News. "It is important to note that the compromised server is used specifically for research purposes at the DOR and is not connected to Kaiser Permanente's electronic health records system."