Kaiser Permanente Pixel Data Breach Investigation

Turke & Strauss LLP, a leading data breach law firm, is investigating Kaiser Foundation Health Plan, Inc. (“Kaiser”) regarding its recent data breach. The Kaiser data breach involved sensitive personal identifiable information and protected health information belonging to approximately 13.4 million individuals.


Kaiser is a not-for-profit health plan provider and healthcare system based in California. Founded in 1945, Kaiser offers a variety of health insurance plans to individuals and families, including HSA qualified, Medicaid/Medi-Cal, Medicare, and employer-based plans. Additionally, Kaiser provides healthcare services through its 40 hospitals such as cancer and cardiac care, maternity care, and mental health and wellness services. Headquartered in Oakland, California, Kaiser has over 600 medical offices across eight states and employs over 200,000 individuals.


Recently, Kaiser discovered that it had experienced a data breach impacting approximately 13.4 million individuals. The data breach involved sensitive personal identifiable information and protected health information of users who used Kaiser’s public-facing website. Online sources report that online information tracking pixels installed on Kaiser’s website collected and transmitted this sensitive personal information to the third parties providing the pixel technology, including Google, Microsoft, and X (formerly Twitter).1 On April 12, 2024, Kaiser filed official notice of the data breach with the U.S. Department of Health and Human Services’ Office for Civil Rights.

If you believe that you have been impacted by the Kaiser Foundation Health Plan, Inc. data breach:

We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at (608) 237-1775 or sam@turkestrauss.com.

If you were impacted by the Kaiser data breach, you may consider taking the following steps to protect your personal information.

  1. Carefully review the breach notice and retain a copy;
  2. Change passwords and security questions for online accounts;
  3. Regularly review account statements for signs of fraud or unauthorized activity;
  4. Monitor credit reports for signs of identity theft.

Share This Post: