- Home
- Technology & AI
- Data breach in Advocate Aurora ...
There has been a large breach of sensitive information of patient data of which Advocate Aurora Health informed patients. Due to unique tracking technology, the health information of patients has been exposed.
Advocate Aurora claims to be one of the largest healthcare providers in the Chicago territory with an annual revenue of $14 billion from their 500 treatment centers across their network in Illinois and Wisconsin. This breach has affected more than three million people.
A statement was released by the company on its website, in which they explained how specific activities with the provider’s website were exposed due to the use of internet monitoring tools. Several websites and applications nowadays have pixels which are small bits of code installed by known technology giants such as Meta and Google.
The company explained the data breach by stating that this technology of pixels was made to gather information on patients’ examinations which identify the cause and provide care as per the needs and requirements of the patients. After a thorough investigation, it was found that some patient information was transferred to third-party vendors who deployed the pixel on the patient’s portal which can be accessed via several widgets and the Mychart website.
The health system claimed to have turned off and/or removed the pixels from its platforms and to have also commissioned an internal inquiry to learn more about the patient data that was forwarded to other vendors. It was further identified that the account holders of MyChart, the Livewell application, and patients who scheduled meetings with any other widgets were part of the list of affected. Aurora has involved the U.S. Department of Health and released the total number of people affected by this electronic data breach.
The company is still trying to see if it was the settings of the browser, the type of browser, or linked accounts that led to the data exposure.
For the 3 million patients in question, sensitive data including IP addresses, physical locations, names, and protected health information may have been disclosed. Advocate Aurora stated that it believes credit cards/debits card or social security numbers were not affected by this incident, even though the inquiry will determine the scope of the breach.
According to health system representatives, “These pixels would be very unlikely to lead to identity theft or any financial harm, and we have no evidence of misuse or incidences of fraud resulting from this incident.”
Meta Pixel is a JavaScript tracker that tracks user activity on a website to enhance user experience and website functionality. In August, Novant Health announced a similar breach in which the personal information of 1.3 million patients was made available to Google, Meta, and the vast majority of their third-party partners.
The company has asked its patients to take some steps to ensure the security of their data. When logging into the medical portals, log in through incognito mode to hide your browser history and cookies data. It also advises checking the privacy settings on such linked accounts of Google or others.