Google, Facebook parent involved in Advocate Aurora data breach

It’s unclear exactly how long Advocate Aurora has used pixel technology and when it identified a patient information breach. The health system did not immediately respond to a request for comment. But notice of a breach was submitted to the U.S. Department of Health & Human Services’ Office for Civil Rights on Oct. 14. HHS is investigating the issue, which affects 3 million individuals, according to the breach report.

Advocate Aurora says it has disabled and removed the pixels from its platforms and launched an internal investigation to find where patient information was transmitted to.

Advocate Aurora said in the statement that it assumes all patients with an Advocate Aurora Health MyChart account, including users of the LiveWell application, and any patients using scheduling widgets on Advocate Aurora Health’s platforms, may have been affected.

Download Modern Healthcare’s app to stay informed when industry news breaks.

Possible data leaked includes IP addresses; dates, times and locations of scheduled appointments; patients’ proximity to an Advocate Aurora Health location; provider information; type of appointment or procedure; names and medical record numbers; and insurance information. Advocate Aurora says it doesn’t believe at this point that social security numbers, financial information, and credit or debit information was leaked.

“These pixels would be very unlikely to result in identity theft or any financial harm, and we have no evidence of misuse or incidents of fraud stemming from this incident,” Advocate Aurora said.

Many hospitals have used pixel technology on websites and in patient portals. And as patients have realized the possible privacy dangers, some have sued health systems over the issue.

In Chicago, a proposed class-action lawsuit was filed in August against Northwestern Memorial Hospital over its use of Meta’s pixel tracker. The lawsuit alleges that Meta Pixel was capturing highly sensitive medical data from Northwestern Memorial’s portal and selling the information to third-party organizations that would target advertisements to patients.

Similar proposed class-action lawsuits have been filed against San Francisco-based UCSF Medical Center and Dignity Health, and Baltimore’s MedStar Health System.

This story first appeared in our sister publication, Crain’s Chicago Business.

Source link