Protected health information may have been compromised by Meta pixel

North Carolina-based healthcare provider Novant Health has notified its 1.3 million patients that their protected health information may have been compromised, but in a twist, the breach stems from the use of the Meta Platforms Inc. tracking pixels

The health system, which serves four US states, used Meta tracking pixels – JavaScript code that allows websites to track visitors – on hundreds of hospital websites in patient portals. This in itself isn’t a significant issue, but Novant Health was also using tracking pixels in password-protected patient portals, Health IT Security reported today.

Because Meta’s tracking pixels are used in protected portals, data packets would have been sent to its Facebook site each time someone clicked a button to schedule a doctor’s appointment. Facebook is believed to have received protected health information, which could be linked to a user’s unique IP address.

Novant Health first introduced Meta pixels to its websites in May 2020 as part of a promotional campaign to connect patients to its Novant Health MyChart patient portal. “This campaign involved Facebook ads and a Meta (Facebook parent company) tracking pixel placed on the Novant Health website to help understand the success of these efforts on Facebook,” the health system explained in a notice. to patients.

The health system later determined that sensitive information was leaked to Meta on June 17 of this year. Information sent may include contact information, appointment details, computer IP addresses, information entered into free text boxes, and button and menu selections.

However, Novant Health patients aren’t the only ones potentially having their information sent to Facebook. SC Media reported on August 1 that the University of California San Francisco Medical Center and the Dignity Health Medical Foundation filed a lawsuit against Meta in Northern California alleging that Facebook was deleting health data from websites. hospitals without the user’s consent.

Amit Shaked, chief executive of cybersecurity firm Laminar Ltd., told SiliconANGLE that constantly monitoring who or what is accessing or accessing data would almost instantly find out that Meta has full access to sensitive data that it shouldn’t. have.

“IT teams must prioritize visibility of cloud data to prevent third parties from accessing sensitive data, and cloud data security solutions must continuously protect that data, even when it is copied or moved by developers and data scientists,” Shaked said. “Having complete visibility into your data and knowing when a third party has access to sensitive data can help prevent such data breaches.”

Photo: Novant Health

Show your support for our mission by joining our Cube Club and our Cube Event community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, ​​Dell Technologies Founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many other luminaries and experts.

Comments are closed.