Millions impacted by data breaches at Blue Shield of California mammography service and more The Record from Recorded Future News

pppLeadershipppCybercrimeppNationstateppElectionsppTechnologyppCyber DailyppClick Here Podcastpp Free Newsletterpp Updated 424 at 915am with a statement from Google pp The sensitive healthcare information of millions in the US has been leaked through data breaches that multiple insurance companies clinics hospitals and more reported recently pp The largest involves Blue Shield of California which informed the US Department of Health and Human Services HHS of an incident impacting 47 million people  pp In breach notification letters and in a notice on its website the insurer said that from April 2021 to January 2024 it used Google Analytics to internally track website usage of members who entered certain Blue Shield sites pp In February the company realized that Google Analytics was configured in a way that allowed certain member data to be shared with Googles advertising product Google Ads that likely included protected health information  pp Google may have used this data to conduct focused ad campaigns back to those individual members We want to reassure our members that no bad actor was involved and to our knowledge Google has not used the information for any purpose other than these ads or shared the protected information with anyone the company said  pp The information shared with Google includes insurance plan name group number zip code gender family information online account numbers medical claim service dates names Find a Doctor search criteria and results and more pp Blue Shield of California said it ended the connection between Google Analytics and Google Ads on its websites in January 2024  pp A spokesperson for Google said Businesses not Google manage the data they collect and must inform users about its collection and use By default any data sent to Google Analytics for measurement does not identify individuals and we have strict policies against collecting Private Health Information PHI or advertising based on sensitive information pp Tech and healthcare companies use of patient data for advertising has been a persistent issue for more than five years  pp The Federal Trade Commission FTC and HHS previously sent a joint letter to about 130 hospital systems and telehealth providers warning of security risks posed by tracking technologies such as the MetaFacebook Pixel and Google Analytics pp The agencies cautioned that such technologies typically embedded in websites and mobile apps collect users identifiable information in ways that are hard for consumers to avoid The agency also said users are often unaware that their health data is disclosed to third parties as a result of the tracking pp Companies like Kaiser BetterHelp GoodRx Premom and Flurry have faced massive penalties for either harvesting sensitive healthcare data or sharing it with thirdparty vendors like Google pp But last year the federal government backed off new regulations it had issued to limit hospitals deployment of webtracking tools after a federal court ruled that the Biden administrations efforts to restrict the use of online trackers by hospitals and other health providers were illegal pp Other healthcare organizations have flooded state regulators with notices of data leaks exposing hundreds of thousands of individuals information  pp Since the beginning of April at least 17 healthcare organizations have reported breaches to regulators in Maine with several surpassing more than 100000 victims  pp Just in the last week Onsite Mammography Kelly Associates Insurance Group Behavioral Health Resources Hamilton Health Care System Central Texas Pediatric Orthopedics and Medical Express Ambulance Service have all reported data breaches resulting from cyberattacks  pp Several of these breaches have been claimed by ransomware gangs who plan to leak the stolen data or already have  pp The attack on Onsite Mammography announced on Monday impacted 357265 people and included names Social Security numbers medical records and other health information pp The sensitivity of the leaked data has already prompted potential class action lawsuits ppJonathan Greigppis a Breaking News Reporter at Recorded Future News Jonathan has worked across the globe as a journalist since 2014 Before moving back to New York City he worked for news outlets in South Africa Jordan and Cambodia He previously covered cybersecurity at ZDNet and TechRepublicppPrivacyppAboutppContact Uspp Copyright 2025 The Record from Recorded Future Newsp