Major health insurance provider Blue Shield of California has disclosed having sensitive data from 4.7 million individuals inadvertently shared with Google Ads for nearly three years, according to The Record, a news site by cybersecurity firm Recorded Future.
Misconfiguration in Google Analytics which was used by Blue Shield to track members visiting some of its sites between April 2021 and January 2024 exposed individuals' names, gender, insurance plan names, group numbers, ZIP codes, family details, medical claim service dates, online account numbers, and other information, said the insurer in breach notifications and a website notice. Data sharing with Google has already been halted by Blue Shield, which emphasized that the leaked information had only been leveraged by Google for ads. Blue Shield's disclosure comes almost two years after healthcare providers were warned by the Federal Trade Commission and Department of Health and Human Services against using tracking technologies on their websites. Such a development also follows a series of healthcare breaches reported this month, with Massachusetts-based Onsite Mammography having data from 357,265 people compromised in an October intrusion.
Misconfiguration in Google Analytics which was used by Blue Shield to track members visiting some of its sites between April 2021 and January 2024 exposed individuals' names, gender, insurance plan names, group numbers, ZIP codes, family details, medical claim service dates, online account numbers, and other information, said the insurer in breach notifications and a website notice. Data sharing with Google has already been halted by Blue Shield, which emphasized that the leaked information had only been leveraged by Google for ads. Blue Shield's disclosure comes almost two years after healthcare providers were warned by the Federal Trade Commission and Department of Health and Human Services against using tracking technologies on their websites. Such a development also follows a series of healthcare breaches reported this month, with Massachusetts-based Onsite Mammography having data from 357,265 people compromised in an October intrusion.
