Yet another story which illustrates the importance of Cybersecurity Awareness Month! Advocate Aurora Health reported a data breach that could affect up to 3 million patients!
According to Fierce Healthcare (Advocate Aurora says 3M patients’ health data possibly exposed through tracking technologies, written by Annie Burky), Advocate Aurora Health gave notice to patients that their health data may have been exposed through internet tracking technologies from Facebook and Google.
Advocate Aurora Health is a 27-hospital healthcare system in Wisconsin and Illinois with over 500 sites of care and $14 billion in annual revenue.
Up to 3 million patients may have been impacted in the breach against the health system, which is one of the Chicago area’s largest healthcare providers.
Advocate Aurora explained in a statement on its website that through the use of internet tracking technologies certain interactions on the provider’s website were leaked. The technologies from companies like Google and Facebook’s parent company Meta put pieces of code, called pixels, on certain websites and applications.
“These pixels or similar technologies were designed to gather information that we review in aggregate so that we can better understand patient needs and preferences to provide needed care to our patient population,” the health system said in the online statement. “We learned that pixels or similar technologies installed on our patient portals available through MyChart and LiveWell websites and applications, as well as on some of our scheduling widgets, transmitted certain patient information to the third-party vendors that provided us with the pixel technology.”
The health system said it has disabled and/or removed the pixels from its platforms and launched an internal investigation to better understand what patient information was transmitted to third-party vendors.
“Out of an abundance of caution, Advocate Aurora Health has decided to assume that all patients with an Advocate Aurora Health MyChart account (including users of the LiveWell application), as well as any patients who used scheduling widgets on Advocate Aurora Health’s platforms, may have been affected,” Advocate Aurora Health officials wrote in the statement.
Sensitive information including IP address, physical location, name and protected health information may have been exposed for the 3 million patients in question. While the investigation will reveal the extent of the breach, Advocate Aurora wrote in the related statement that it believes Social Security numbers, financial accounts and credit card or debit card information were not involved in this incident.
This isn’t the first instance of pixels being used to collect data from healthcare websites: A long string of complaints and lawsuits against hospitals and Meta for collecting data on hospital websites has included UCSF Medical Center, Dignity Health, Northwestern Memorial Hospital and Baltimore’s Medstar Health System. Litigants claim that the data acquired violates the Health Insurance Portability and Accountability Act (HIPAA).
The battle of personal data collection (including healthcare data) vs. personal data privacy wages on. Looks like those tracking pixels are bad for your health…care data! See what I did there!
So, what do you think? Should all healthcare sites drop the use of tracking pixels? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the authors and speakers themselves, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.