AAH, a 26-hospital healthcare network in Wisconsin and Illinois, is alerting its patients of a data breach that exposed 3,000,000 patients’ personal information. Meta Pixel was misused on the AAH websites, where users log in and provide personal and medical data, which led to the problem.
A JavaScript tracker called Meta Pixel aids website owners in understanding how users interact with the site and enable them to make more focused modifications. The tracker also sends private information to Meta (Facebook), which is shared with a vast network of marketers who use it to target patients with ads relevant to their illnesses.
Since many hospitals in the US employ Meta Pixel, millions of patients were exposed to third parties due to this data breach, which has sparked class action lawsuits against the accountable businesses. In August 2022, American healthcare company Novant Health revealed that it had implemented the “MyChart” interface improperly, exposing 1.3 million patients.
The MyChart patient interface and the LiveWell platform, both of which featured active Meta Pixel trackers, are also employed by AAH. According to AAH’s data breach notification, Meta Pixel may have allowed access to the following data:
- IP address
- Dates, times, and locations of scheduled appointments
- Medical provider information
- Proximity to an AAH location
- Type of appointment or procedure
- Information exchanged between MyChart users, including first and last names and maybe medical record numbers
- Insurance information
- Proxy account information
According to AAH’s disclosure to the US Department of Health,3 million persons were impacted by the incident, which was noted on its breach report portal. The healthcare provider has turned off the Pixel tracker on all systems and is putting safety measures in place to stop a repeat of the exposure.
When login onto medical portals, patients are urged to employ the tracker-blocking tools in their web browsers or to use incognito mode. Those having accounts on Facebook or Google ought to check their privacy settings. AAH has also put together a FAQ page to assist patients in finding answers to typical queries concerning the data breach.
