Security News > 2022 > August > Novant Health admits leak of 1.3m patients' info to Facebook

Novant Health confirmed that it may have disclosed 1.3 million patients' sensitive data, including email addresses, phone numbers, financial information - even doctor's appointment details - to Meta.

Novant finally copped to sending letters to "Some of its patients following possible disclosure of protected health information resulting from an incorrect configuration of a pixel, an online tracking tool," in a statement released late on Friday.

According to the healthcare firm, leaked data also potentially included computer IP addresses, emergency contact information, advanced care planning contacts, appointment types and dates, patients' physicians, and various information types into text boxes or selected from drop-down menus and buttons via its patient portal.

"In this case, the pixel was configured incorrectly and may have allowed certain private information to be transmitted to Meta from the Novant Health website and MyChart portal," Novant admitted.

Once Novant realized the pixel had been sending patient information to Meta, the health-care company said it "Immediately" disabled and removed the code, and then launched an investigation into what information had been shared with the social media giant.

"Based on that investigation, Novant Health determined on June 17, 2022, that it was possible sensitive information or PHI might have been disclosed to Meta, depending upon a user's activity within the Novant Health website and MyChart portal."

News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/22/novant_meta_data/