A Meta Pixel misuse resulted in a data breach in AAH healthcare

November 2, 2022
Meta Pixel Data Breach AAH Healthcare US Javascript Tracker

The servers of the Advocate Aurora Health (AAH) non-profit healthcare system have been compromised in a data breach incident, with about 3 million patient data exposed to hackers. According to the researchers, the incident was caused by a JavaScript tracker misuse called Meta Pixel, a tool that patients use to log in and enter their personal and medical data.

The Meta Pixel JavaScript tracker aids website admins monitor visitors’ interaction with the website to make targeted improvements. This tracker also sends users’ data to the Meta (formerly Facebook) company to be shared with a network of marketers, which sends patients with advertisement campaigns related to their health conditions.

 

Several healthcare institutions in the US have been concerned with the Meta Pixel data breach incident, as many of them use the tool for daily operations.

 

Some affected hospitals have considered suing the responsible organisations that caused the data breach that affected millions of patients.

Based on the data breach notification released by AAH, numerous patient data may have been exposed because of the Meta Pixel misuse issue, including IP addresses, medical provider details, appointment schedules and procedures, full names, medical record numbers, insurance details, and proxy account information.

The non-profit healthcare system reported the 3 million affected patients and further details of the incident to the US DoH and has listed it in its breach report portal. As an action for the incident, AAH said to have disabled the Meta Pixel JavaScript tracker on all its systems. The healthcare provider has also applied security measures to prevent further damage and similar cybersecurity events from reoccurring.

Additionally, security experts recommended patients use tracker-blocking settings on their web browsers or activate incognito mode when they login to medical websites. The privacy settings for Facebook and Google account users are also advised to be reviewed, as it mentions critical points about one’s data privacy online.

Patients who suspect being impacted by the AAH data breach incident are advised to visit the healthcare provider’s dedicated FAQ page to find answers to some of their common questions regarding the incident.

About the author

Leave a Reply