The San Jose Mercury News has reported that the California Department of Managed Care has levied its largest privacy fine ever — $200,000 — against Kaiser Permanente of Northern California.
The California agency found that Kaiser had left sensitive patient information accessible on a public website. The information, including names, addresses, phone numbers, and lab results, had been accessible “for up to four years.” The breach was finally made public by a disgruntled former employee who blew the whistle by linking to the data on her blog.
In this case, the concern isn’t so much that a criminal might have used a person’s name, address and phone number to steal their identity. “It’s more that your most recent gynecologic visit might be publicly available,” Ehnes said.
As you could probably guess, Kaiser is now suing the former employee for publicizing the privacy breach.