data breach

One of the patients of Advocate Aurora has filed a complaint against the company for allegedly sharing sensitive information about patients with social media giant- Facebook. As per estimates, this breach may have affected more than three million patients of Aurora Health.

The patient claims that the patient portal he used to contact his doctors and arrange appointments at Advocate Aurora had a pixel code in which an option of logging in with Facebook was also available, leading to the automatic transmission of data.

Advocate Aurora has a workforce of over 70,000 people, including more than 20,000 nurses, and serves approximately three million patients. The company has operations in Wisconsin and Illinois.

Alistair Steward, in his lawsuit, claimed that whenever individual signs in through the company portal or website, there is an interception between the company portal and Facebook leading to the transfer of information without the consent and knowledge of the patient

Advocate Aurora stated the data breach in the third week of October before the lawsuit was lodged against the company for spreading the patient’s information. The hospital system has deactivated the “pixel system” to address the issue. The hospital institution also stated that an internal inquiry has begun to determine the exact nature of patient information that has been compromised. The information that has been compromised is visit and appointment plans, type of medication, medical history, records, patient insurance data, and patient-doctor privilege.

The HHS list of current investigations into healthcare data breaches demonstrates the scope of the problem, with fresh data breaches reported virtually every day, and in several states. It is claimed that this was the most extensive breach that ever took place in terms of patient count. although several low-level breaches are subsequently taking place as well. For example, a data breach in North Carolina affected more than half a million people at WakeMed hospitals. This news was released along with the Advocate data breach news. 

More than 235,000 people were impacted by a data breach at Keystone Health in Pennsylvania during the previous month.

Advocate Aurora has shown keen interest to merge with Atrium Health. The merged footprint of the new company will include Carolina, Georgia, and Illinois. It will help the company to cater to more than five million patients

The patient has made some revelations stating:

“At all relevant times, Advocate and Facebook knew that the Meta Pixel intercepted and disclosed personally identifiable patient information and PHI,” Stewart said in the complaint. “This was evidenced from, among other things, the functionality of the Pixel, including that it enabled Advocate’s LiveWell portal to show targeted advertising to its digital subscribers based on the products those digital subscribers had previously viewed on the website, including certain medical tests or procedures, for which Advocate received financial remuneration”.

According to the list of cases under investigation by the Department of Health and Human Services, the data breach might have affected the entire patient body of over three million.

Leave a Reply