Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Data of 3 Million Advocate Aurora Health Patients Exposed via Malformed Pixel

Non-profit healthcare provider Advocate Aurora Health is informing 3 million individuals that a malformed tracking pixel has inadvertently exposed protected health information (PHI) to Facebook or Google.

Non-profit healthcare provider Advocate Aurora Health is informing 3 million individuals that a malformed tracking pixel has inadvertently exposed protected health information (PHI) to Facebook or Google.

Headquartered in Milwaukee, Wisconsin, and Downers Grove, Illinois, Advocate Aurora Health operates 26 hospitals and over 500 sites of care, and has more than 75,000 employees.

In a data breach notification on its website, the healthcare system is informing patients that an incorrectly configured tracking pixel – placed on the MyChart and LiveWell websites and applications and on some scheduling widgets – exposed some of their information.

The pixel, the company says, “transmitted certain patient information to third-party analytics vendors that provided us with the pixel technology, particularly for users concurrently logged into their Facebook or Google accounts.”

Potentially exposed information includes IP addresses, information on scheduled appointments, patient proximity to an Advocate Aurora Health location, provider data, type of appointment or procedure, MyChart communications (including names and medical record numbers), insurance details, and the names of patient proxies.

Advocate Aurora Health says it has no evidence that Social Security numbers or financial account and credit/debit card details were exposed in the incident.

“We have disabled and/or removed the pixels from our platforms and launched an internal investigation to better understand what patient information was transmitted to our vendors,” the healthcare provider says.

Advocate Aurora Health says it has found no evidence that the exposed data has been misused and also notes that the misconfiguration is unlikely to lead to identity theft or financial harm.

Advertisement. Scroll to continue reading.

In its data breach notice, Advocate Aurora Health says that it’s informing all patients about the incident. In a filing with the US Department of Health and Human Services, the organization said that three million individuals were impacted.

Advocate Aurora Health is only one of the tens of healthcare providers in the US using similar malformed tracking pixels.

In August, Novant Health informed over 1.3 million individuals of similar PHI exposure, but the issue likely impacts more than 26 million patients at over 30 of the top 100 hospitals in the country.

Related: Australian Health Insurer Medibank Admits Customer Data Stolen in Ransomware Attack

Related: Novant Health Says Malformed Tracking Pixel Exposed Health Data to Meta

Related: New York Emergency Services Provider Says Patient Data Stolen in Ransomware Attack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Solana co-founder Stephen Akridge has been appointed the CEO of data protection firm Cyber Grant.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.