Aurora patient information breached; 3 million patients exposed

Personal health information for up to 3 million patients in Illinois and Wisconsin may have been exposed to outside companies through tracking technology used on a major hospital system’s electronic medical records website.

Advocate Aurora Health, which operates 27 hospitals, said in a statement that the breach may have exposed information including a patient’s medical provider, the type of appointment or medical procedure, dates and locations of scheduled appointments and IP addresses.

The system said its investigation found no social security numbers, financial information or credit and debit card numbers were involved.

The system blamed the breach on its use of pixels — computer code that collects information about how a user interacts with a website — including products developed by Google and Facebook’s parent company Meta that make the collected information available to those companies.

Also Read :  Bank CEOs increasingly turning pessimistic on economy | News, Sports, Jobs

“These pixels would be highly unlikely to result in identity theft or any financial harm, and we have no evidence of abuse or incidents of fraud stemming from this incident,” the statement said. “Nevertheless, we always encourage patients to regularly review their financial accounts and report any suspicious, unknown or improper activity immediately.”

The healthcare industry’s use of pixels has drawn widespread criticism from privacy advocates who warn that the technology’s use violates federal patient protection laws.

Also Read :  Twitter lays off staff as Musk blames activists for 'massive' ad revenue drop

A report published in June by The Markup found that many of the nation’s top-rated hospitals were using the Meta Pixel, collecting and sending sensitive patient information to social media companies.

Attorney Aurora Health’s statement did not specify what prompted its decision to publish its use of pixels on the MyChart website where patients book appointments, communicate with providers’ offices and view test results. The statement said the health system has disabled or removed all pixels and is continuing to investigate internally.

Also Read :  University of Utah launches center for financial technology, student entrepreneurship

The health system notified the Department of Health and Human Services about the breach affecting up to 3 million patients on Friday, according to the agency’s public log of its investigations.

Nicholson Price, a law professor focused on health care innovation at the University of Michigan, said the announcement is a reminder that health information is often less protected than American consumers hope.

“Patients see these login pages as a place to see particularly private information,” Price said. “So it’s more surprising (to them) to learn about this kind of tracking technology being used there.”


Leave a Reply

Your email address will not be published.