The US-based hospital healthcare system Advocate Aurora Health (AAH) disclosed a data breach that exposed the personal data of 3,000,000 patients. The company is notifying the impacted individuals.
The compromised websites contained sensitive personal and medical information entered by the patients.
Exposed patients’ data includes:
Privacy experts pointed out that the Meta Pixel code, which is also used by many other hospitals, sends sensitive data to Meta that uses them for marketing purposes.
“In an effort to deliver high quality services to its community, Advocate Aurora Health uses the services of several third-party vendors to measure and evaluate information concerning the trends and preferences of its patients as they use our websites. To do so, pieces of code known as “pixels” were included on certain of our websites or applications. These pixels or similar technologies were designed to gather information that we review in aggregate so that we can better understand patient needs and preferences to provide needed care to our patient population.” reads the Notice of data breach published by the company. “We learned that pixels or similar technologies installed on our patient portals available through MyChart and LiveWell websites and applications, as well as on some of our scheduling widgets, transmitted certain patient information to the third-party vendors that provided us with the pixel technology.”
Advocate Aurora Health assumed that all patients with an Advocate Aurora Health MyChart account (including users of the LiveWell application), as well as any patients who used scheduling widgets on Advocate Aurora Health’s platforms, may have been impacted. The way users may have been impacted depends on multiple factors, such as their choice of browser, the configuration of their browsers, the management of their cookies, and whether they have Facebook or Google accounts.
The healthcare system has disabled the Pixel tracker on all websites and applications and is evaluating how to mitigate the risk of data breach in the future
Advocate Aurora Health recommends patients block or delete cookies or using browsers that support privacy-protecting operations.
Follow me on Twitter: @securityaffairs and Facebook
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, Advocate Aurora Health)