DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Community Health Network notifies patients of meta pixel breach

Posted on November 23, 2022 by Dissent

Community Health Network in Indiana has become the latest healthcare entity to notify patients that their protected health information was transmitted via trackers on their website from Google and Meta. Their FAQ page attempts to explain it in basic English and does a good job, but there’s no getting around this:

Any individual who visited the Community MyChart patient portal or scheduled an appointment on the eCommunity.com website since the date we began using these third-party tracking technologies (April 6, 2017), may have been involved. However, because the type of information transmitted through the tracking technologies varied depending on the configurations on the user’s device and the user’s activity on the Community website and MyChart patient portal, Community cannot determine with certainty whose information was transmitted. For example, if an individual adjusted the settings on their device to block or delete cookies, or if they use only browsers that support privacy-protecting operations, their information likely was not involved, even if they accessed MyChart or the eCommunity.com website during the time in question.

And while there is no guarantee any one individual had any or all of the following fields involved, they might have if they didn’t block cookies in their browser and depending on what they interacted with on the site:

  • User’s IP address
  • Dates, times, and/or locations of scheduled appointments
  • Information about the patient’s provider
  • Type of appointment or procedure scheduled
  • Communications between the user and others through MyChart
  • First name and last name
  • Medical record number
  • Email address
  • Phone number
  • Contact information entered into Emergency Contacts or Advanced Care Planning
  • Information about whether the patient had insurance
  • Proxy name and contact information
  • Website button/menu selections

You can read their full notice on their website.

The incident was reported to HHS as affecting 1.5 million patients.

By now, millions of patients have been notified.  At some point, we will ask questions like, “Why wasn’t this discovered sooner? (It was). Why didn’t these entities know what was being sent out of their system? Why didn’t Google and Meta inform the entities more about what was involved and how it worked?”

Will all data be deleted? I would hope so, especially since abortion clinic trackers could put patients at risk of criminal prosecution in some parts of the country. In the meantime, the number of notifications and lawsuits mounts.

Category: Breach IncidentsCommentaries and AnalysesExposureHealth DataU.S.

Post navigation

← Ca: OSSTF victim of ransomware attack, notifies members of personal data compromised
Update: Norman Public Schools’ employee and student leaked on dark web by ransomware gang →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.