3 Million Patients Exposed Over Incorrect Usage of Meta Pixel
The Incident Impacted 26 Hospitals Within the Advocate Aurora Health Group.
Advocate Aurora Health (AAH), a 26-hospital healthcare group in Wisconsin and Illinois, is informing its patients of a data breach that disclosed 3,000,000 individuals’ personal information.
The incident occurred as a result of the incorrect usage of Meta Pixel on AAH’s websites, where patients log in and provide sensitive personal and medical information.
What Does Meta Pixel Do?
As Meta Pixel is used by multiple hospitals across the United States, this data breach has sent shockwaves through the country, exposing the personal information of millions of people to unauthorized parties and generating class action lawsuits against the companies at fault.
According to Bleeping Computer, in August 2022, Novant Health, a U.S. health care provider, admitted that it had used Meta Pixel incorrectly when putting together the “MyChart” portal, putting 1.3 million patients at risk. AAH also uses the “MyChart” patient portal and the “LiveWell” platform, which both had active Meta Pixel trackers.
What Data Has Been Exposed?
According to AAH’s data breach statement, the following information may have been exposed through Meta Pixel:
- Internet Protocol (IP) address
- Scheduled appointment dates, times, and locations
- Proximity to an AAH facility
- Information about medical providers
- Appointment or procedure type
- MyChart user communications, which may have included first and last names as well as medical record numbers
- Insurance details
- Proxy account information
The incident was reported by AAH to the U.S. Department of Health, which included it on its breach notification page after learning that 3 million people were affected.
All of AAH’s systems no longer have the Pixel tracker enabled, and new measures are being taken to prevent a repeat of this vulnerability. Patients should either use a tracker blocker or browse the web in incognito mode. Patients with a Google or Facebook account are strongly advised to check their security settings.