Security News > 2022 > October > Oops, web trackers may have leaked 3 million patients' info
A hospital network in Wisconsin and Illinois fears visitor tracking code on its websites may have transmitted personal information on as many as 3 million patients to Meta, Google, and other third parties.
Advocate Aurora Health reported the potential breach to the US government's Health and Human Services.
"We learned that pixels or similar technologies installed on our patient portals transmitted certain patient information to the third-party vendors that provided us with the pixel technology," AAH said.
AAH said it - like so many other organizations, government and private - was using the trackers to aggregate user data for analysis, and it only seems to have just occurred to the nonprofit that this data is private health information and shouldn't really be fed into Meta or Google.
Like a similar incident in August at Novant Health, once AAH realized the pixels were leaking patient data, it removed the tracking code from its webpages and is still evaluating how to prevent a future snafu.
"To the extent any tracking technologies are proposed in the future, such technologies will be evaluated under Advocate Aurora's enhanced, robust technology vetting process consistent with our commitments to patient privacy," the hospital group said.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/10/20/health_group_says_tracking_pixel/