Toni Dimaano Tech 10.20.2022 22:Oct PM EDT

Wisconsin, Illinois Healthcare System Breach Impacts 3 Million Patients

Advocate Aurora Health discontinues pixel tracking use after discovering that patients' health information might be compromised.

The healthcare system which consists of 26 hospitals in Wisconsin and Illinois has recently notified its patients about a potential medical data breach.

The Incident Exposes 3M Patient Logs Due To Meta Pixel

According to Bleeping Computer, the incident stems from the misuse of Meta Pixel tracking on the Advocate Aurora website, where three million patients' sensitive information has been affected.

Meta Pixel is a tool used by organizations to track website visitor activity, which lets operators understand how they interact with the site to make necessary improvements.

Despite having multiple password-protect patient portals, Meta Pixel still sends packets of data to Facebook that includes highly sensitive protected health information.

Patients' medical conditions, doctors' names, and unique IP addresses are shared with a network of marketers who make advertisements that match their conditions.

Health IT Security writes that Advocate Aurora has previously used Meta Pixel as a third-party service vendor, granting it access to patient portals and scheduling widgets.

However, the healthcare system later learned that the technology also gathers patients' locations, medical records, insurance information, and correspondence with other people.

Following this knowledge, Advocate Aura has released a notice to warn the public that they have launched an internal investigation about the matter and have since disabled the pixels.

Furthermore, Advocate Aurora Health says that they will be evaluating any tracking technology that they will be using in the future under the system's enhanced and robust vetting process.

No Information Misuse Has Reached Advocate Aurora Yet

According to Health IT Security, patients might find the effects of the incident differently, depending on their browser configuration, uses of cookies, and other account settings.

"These pixels would be very unlikely to result in identity theft or any financial harm, and we have no evidence of misuse or incidents of fraud stemming from this incident," the company tells CBS Chicago.

However, Advocate Aurora spokesperson Brigid Sweeney says that the company has not received any reports yet on possible information misuse resulting from the data breach.

Bleeping Computer says that privacy breaches have taken over the United States in recent years, exposing millions of people to third-party threats and starting class action lawsuits.

In August, Novant Health disclosed that Meta Pixel's improper use of medical data from their "MyChart" portal had exposed 1.3 million patients in its implementation.

The healthcare system continues to encourage patients to review their financial accounts and to immediately notify authorities of any suspicious or unauthorized activity in their accounts.

Patients can also contact the Advocate Aurora Health line at 866-884-3206 from 7 a.m. to 7 p.m. on weekdays and from 9 p.m. to 2 p.m. on Saturdays should they have any concerns.

Advocate Aurora Health has also compiled a Frequently Asked Questions page to help patients find answers about the breach, which can be accessed through this link.