"Healthcare Provider Issues Warning After Tracking Pixels Leak Patient Data"

US healthcare provider Novant Health has recently notified patients that their protected health information may have been leaked through a tracking tool linked to Facebook.  The company did not specify how many patients were affected by the pixel tracking but mentioned that they had mailed 1.3 million notification letters.  Data potentially leaked included demographic information such as email address, phone number, computer IP address, and contact information entered into Emergency Contacts or Advanced Care Planning.  Also, potentially leaked information includes appointment type and date, physician selected, button/menu selections and/or content typed into free text boxes.  Novant noted that the information did not include Social Security numbers or other financial information unless it was typed into a free text box by the user.  Novant explained that the letter they sent to affected individuals specifically states whether such financial information may have been involved.  According to the company, the leak would have taken place following an incorrect configuration of an online tracking tool from the Facebook parent company Meta.  In May 2020, Novant Health launched a promotional campaign to connect more patients to the Novant Health MyChart patient portal, with the goals of improving access to care through virtual visits and to provide increased accessibility to counter the limitations of in-person care.  The campaign involved Facebook advertisements and a Meta tracking pixel placed on the Novant Health website to help understand the success of advertisement efforts on Facebook.  It was noted that pixel was misconfigured and may have allowed certain private information to be transmitted to Meta from the Novant Health website and MyChart portal.  Once made aware of the potential issue, Novant said it immediately disabled and removed the pixel from their site.

 

Infosecurity reports: "Healthcare Provider Issues Warning After Tracking Pixels Leak Patient Data"

Submitted by Anonymous on