On October 29, Kaiser Permanente began notifying employees of a breach that occurred August 24th when their names, Social Security numbers, and other information were mistakenly e-mailed to an individual not authorized to receive such information. From their letter:
[First Name] [Last Name] [Street Address] [City], [State], [ZIP code]
Dear [First Name],
We are writing to let you know of an incident involving the unauthorized transmission of confidential employee information, including some information belonging to you. We take privacy very seriously and we sincerely apologize that this happened. As a result of our investigation, we believe it is highly unlikely that your information has been, or will be used for unlawful purposes. This notification is in compliance with California law, which requires notifying all former and current employees when there is a release of certain confidential information.
On August 24, 2012, an employee in Kaiser Permanente’s Northern California Region Recruitment department mistakenly emailed a list of former Northern California KP employees who left the organization between 1990 and 2006 to a person not authorized to receive the information. Some of these NCAL former employees have since returned to KP in various regions. This list contained, among other information, your name and Social Security number. No personal health information was involved.
The unintended recipient who received the information has been extremely cooperative. Kaiser Permanente’s IT Security conducted a detailed analysis to confirm that the recipient effectively deleted the information and that the information had not been further emailed or printed. As a result of our investigation, we believe it is highly unlikely that your information has been, or will be used for unlawful purposes.
We also wish to reassure you that this incident involved your employment information with Kaiser Permanente only and that none of your personal health information as a member of Kaiser Foundation Health Plan was involved.
This situation was brought to our attention in late August, 2012, and we immediately took steps to investigate and secure the information that was inadvertently transmitted. We have since put in place new controls to secure this type of employee information and prevent this from happening again.
We understand your concerns about the privacy of your personal information. Again, we apologize that this unfortunate incident occurred. We have established the following phone number for you to call if you have questions or concerns: 866-578-5413. Thank you.