Advocate Aurora Health this week warned its patients across Illinois and Wisconsin about the potential for a data breach involving tracking pixels in their online patient portal and mobile app.
According to a data breach notice posted on the health system’s website, Advocate Aurora called on third-party providers to help track and assess patient “trends and preferences” when use their website. That’s done with pieces of code, called pixels, found on some health system websites or apps.
“We are aware that pixels or similar technologies installed on our patient portal are available through the MyChart and LiveWell websites and apps, as well as on some of our scheduling utilities. , has transmitted certain patient information to third-party vendors who have provided pixel technology to us,” according to the announcement.
Such data may include “IP address; date, time, and/or location of scheduled appointments; your proximity to the Aurora Health Advocate location; information about your provider; type appointments or procedures; communications between you and others through MyChart, which may include your first and last name and medical record number; information about whether you have insurance; and, if you have a proxy MyChart account, your name and your proxy’s name, “according to the health system
“Based on our investigation, there is no social security number, financial account, credit or debit card information associated with this incident,” the officials added.
In response, Advocate Aurora “disabled and/or removed pixels from our platform and launched an internal investigation to better understand what patient information was transmitted to our providers.” .”
Health system officials said they don’t know exactly how many patients might be affected by the potential breach, but “out of an abundance of caution” it has “decided to assume that all patients are sick.” Patients with Advocate Aurora Health MyChart accounts (including LiveWell app users), as well as any patients who have used the scheduling facilities on the Advocate Aurora Health platform, may have been affected.”
But that number could be as high as 3 million patients, according to a list of cases currently under investigation on the HHS Civil Rights Violations Portal.
The Advocate Aurora message also warns its patients that different users may be affected in different ways, depending on their “browser selection; browser configuration; blocking, deletion, or usage use of cookies; whether they have a Facebook or Google account; whether they are logged into Facebook or Google; and the specific actions users take on the platform.”
In a separate FAQ on its website, Advocate Aurora said it was not aware of any misuse of compromised data – but suggested that patients take precautions such as placing a warning. report fraud to their credit records, review any new reports from their financial institutions, look for suspicious transactions or unusual activity on their accounts.
Twitter: @MikeMiliardHITN
Email the writer: [email protected]
Healthcare IT News is a HIMSS publication.
