3M Advocate Aurora patient data compromised via Pixel data scraping

Attorney Aurora Health informs patients that their information has been shared with third-party vendors through Facebook’s Pixel tracking tool. (Photo by Justin Sullivan/Getty Images)

Attorney Aurora Health informs patients that their protected health information has been shared with third-party providers, such as Google and Facebook, as a result of the use of the Pixel tracking tool on its patient portal websites and applications MyChart and LiveWell and some planning tools.

With 3 million patients affected, the privacy incident is among the three largest healthcare data breaches reported this year.

This is the second major disclosure involving the Pixel Tool. Following multiple reports and lawsuits accusing Facebook of extracting health data from hospital websites, Novant Health informed 1.3 million patients that it had inadvertently disclosed patient data using the Pixel tool.

The Markup was the first to detail website scraping by Facebook’s Pixel tool, which found the tool installed on 33 healthcare websites. This is the first patient notice to include Google’s pixel as performing the data sharing practice.

According to his opinion, the attorney Aurora Health previously used Internet tracking technologies, such as “Google and Meta to understand how patients and others interact with our websites.” These services were used to measure and assess patient trends and preferences using the providers’ websites.

“These technologies disclose certain details about interactions with our websites, particularly to users who are simultaneously logged into their Google or Facebook accounts and who have shared their identity and other browsing habits with these companies,” the researchers explained. responsible.

However, the vendor has learned that these pixels or similar technologies installed on its websites do in fact disclose certain protected health information under “specific circumstances to specific vendors”, due to the use of such technologies.

After discovering this unauthorized disclosure, Advocate Aurora disabled and/or removed pixels from its platforms and conducted an internal investigation to understand exactly what patient data was passed to vendors.

Data may include patient IP addresses, dates, times and/or locations of appointments, proximity to Advocate Aurora Health sites, provider details, types of appointments or procedures, communications between the patient and others on the MyChart platform, such as names and medical record numbers. , insurance information and agent names.

The investigation confirmed that no social security number or financial information was involved.

Erring on the side of caution, the provider assumes that all patients with a patient portal account on the affected platforms or who have used their scheduling widgets have been affected. The impact will vary depending on the user’s browser choice, configuration, blocking, deletion or use of cookies, whether the user has a Facebook or Google account and was logged in, and actions user specific.

Attorney Aurora continues to determine how to further reduce the risk of unauthorized disclosure of patient data as it monitors its security systems to assess possible improvements. Any proposed use of tracking technologies will be evaluated as part of its recently updated technology verification process.

Patients are encouraged to block or delete cookies from their browsers and to use browsers with favorable privacy measures, such as incognito mode. Facebook and Google privacy settings can also be adjusted.

This is the second vendor-related incident reported by Attorney Aurora in the past two years. His data was included in the ransomware incident reported by Elekta, a provider of radiation therapy, radiosurgery and clinical management services.

Data of 235,000 Keystone Health patients accessed during month of hack

Pennsylvania-based Keystone Health recently notified 235,237 patients that their data had been accessed for nearly a month during an undetected systems hack in August.

First discovered on August 19, a cyber incident “temporarily disrupted” its computer systems. Officials said they reported the incident to law enforcement and launched an investigation with support from an outside cybersecurity firm. The investigation showed that a threat actor first accessed the network on July 28, until August 19, when the intrusion was detected.

During the wait time, the actor accessed Keystone Health files, including patient data such as names, social security numbers and clinical information. The advisory does not provide further details about the data affected or the type of threat that caused the cyber incident.

In response, Keystone is implementing additional network security measures and providing employees with additional training.

70,000 patients in Valle del Sol have just been notified of the January data breach

Current and former patients in Valle del Sol, Arizona have just been notified of a systems hack that resulted in their protected health information being accessed and stolen as early as January 25th.

“Unusual activity” was discovered 10 months ago, prompting Valle del Sol to take steps to secure the network and minimize the impact of the incident. The investigation confirmed the exfiltration of certain protected health information.

The notice suggests the delayed notification was prompted by a “comprehensive review” to identify impacted patients and data that ended on July 18. However, the notices were not sent until nearly three months later.

As repeatedly stated, the Health Insurance Portability and Accountability Act requires entities affected by PHI violations to report within 60 days of discovery, not at the end of an investigation. Other providers facing similar challenges identifying contacts have instead issued a public notice for those people. Prompt notification allows patients to proactively monitor their credit and reduce the risk of fraud.

Stolen data may include names, social security numbers, dates of birth, driver’s license numbers, clinical or diagnostic data, medical record numbers, Medicare or Medicaid numbers, and identification numbers health insurance member.

Cardiac Imaging Associates reports that PHI was exposed in an email hack in April

Cardiac Imaging Associates recently informed an undisclosed number of patients that their data had been compromised when an internal email account was hacked in April. CIA provides medical imaging services for a range of vendors.

The long delay is attributed to the fact that the CIA only recently concluded its investigation into the incident, which included a “time-consuming review of the contents of email accounts”. The review ended in August and the CIA waited another 60 days before sending notices to patients.

After detecting suspicious activity on the affected account, the CIA secured the system and launched an investigation. The investigation showed that a threat actor had access to the email account for about a week prior to its discovery, between March 30 and April 6. The investigation could not confirm whether or not the actor viewed the emails or attachments.

The compromised account contained data that varied by patient and could include names, social security numbers, dates of birth, driver’s license numbers, financial account details, payment cards, diagnoses, conditions, lab results, medications and treatment information.

The CIA has since improved the security of the systems, as it works to review its existing policies and implements internal training protocols to better prevent a recurrence.

Legacy server hack sparks advisory for patients at 12K Riverside Medical

Just over 12,000 patients linked to Riverside Medical Group in New Jersey were recently notified that their data had been compromised after an old server at its West Orange clinic was hacked.

The security issue was discovered on August 3 on a former independent server used by a vendor to maintain patient vaccination records. A detailed forensic examination revealed that patient health and personal data was stored on the server, which the threat actor potentially accessed or acquired before it was locked down.

Compromised data could include names, birth dates, contact information, gender, immunization records and vaccination dates, provider information, and health plan details including ID number. No social security numbers, driver’s licenses or financial account details have been stored on the server.

The server in question has since been locked down and disabled. No other RMG systems or servers were affected. RMG is currently strengthening existing policies and reassessing possible safeguards to prevent a similar incident.