Jonathan Greig reports:
The sensitive healthcare information of millions in the U.S. has been leaked through data breaches that multiple insurance companies, clinics, hospitals and more reported recently.
The largest involves Blue Shield of California, which informed the U.S. Department of Health and Human Services (HHS) of an incident impacting 4.7 million people.
In breach notification letters and in a notice on its website, the insurer said that from April 2021 to January 2024, it used Google Analytics to internally track website usage of members who entered certain Blue Shield sites.
In February, the company realized that Google Analytics “was configured in a way that allowed certain member data to be shared with Google’s advertising product, Google Ads, that likely included protected health information.”
Read more at The Record.
Note: Although the article claims the Blue Shield of California report is the largest of the pixel-tracking incidents, the largest was actually Kaiser, who wound up notifying 13.4 million patients and members.