Another healthcare industry firm has a privacy scare with Advocate Aurora Health announcing up to 3 million patient data may have been exposed to third-party tracking data. The third-party tracking services in question are not named, however, it works similar in concept to Google and Facebook, which load “tracking code pixels” on specific websites and applications.
In a statement posted on its website, Advocate Aurora Health explains that the tracking pixels used are to help them “understand how patients and others interact with our websites.”
The data breach appears to have occurred once “we learned that the pixels installed on our patient portals available through MyChart and LiveWell websites and applications…transmitted certain patient information to the third-party vendors that provided us with the pixel technology.”
As of today, Advocate Aurora Health states that the tracking technology and pixels have been removed from their websites, applications, and patient portals.
If you are a patient of Advocate Aurora Health, they “decided to assume that all patients with an Advocate Aurora Health MyChart account (including users of the LiveWell application)” are affected.
Interestingly, the announcement specifically mentions the use of logging into the portals with a Facebook or Google account. While Advocate is not specifically mentioning Facebook or Google as the culprit, it appears users choosing to login with those accounts as a single-sign-on (SSO) mechanism may be affected.
Advocate does not believe any social security numbers, financial account, credit or debit card information was involved in the data breach.
Advocate is recommending all users login to the portals by using Incognito mode, “blocking or deleting cookies”, and “adjusting privacy settings in Facebook and Google.”
It’s not clear how using Incognito mode would have any affect, if a SSO login using Facebook or Google would have contributed to the breach.
Healthcare data breaches and ransomware attacks remain a regular occurrence, so all users of healthcare patient portals should remain on guard.
