Search This Blog

Powered by Blogger.

Blog Archive

Labels

Another Health Entity Reports Breach Linked to Meta Pixel Use

WakeMed Health and Hospitals reported of an unauthorized access/leak compromise impacting around 500,000 individuals.


About the Breach

Another healthcare enterprise is treating its earlier use of FB's Pixel website tracking code in patient portals for a data breach requiring regulatory notification. WakeMed Health and Hospitals from North Korea informed the Department of Health and Human Services on 14 October of an unauthorized access/leak compromise impacting around 500,000 individuals. 

The entity's compromise notification statement said "select data"- it includes email addresses, novel coronavirus vaccine status and appointment info, and phone numbers- may have been sent to Facebook parent Meta via its deployment tracking number code. 

Breached Information

Impacted information didn't consist of Social Security numbers or other financial info, except when the info was put into a free text box by the user. As per WakeMed, it started using Pixel in 2018 and stopped its use after May. 

"WakeMed is a co-defendant in at least one proposed class action lawsuit filed in a North Carolina federal court involving its use of Pixel. That lawsuit, filed against Meta Platforms, WakeMed, and Duke University Health System on Sept. 1, alleges the medical systems violated medical privacy by the use of Pixel in the websites and patient portals. Neither WakeMed, Duke University Health nor Meta responds to Information Security Media Group's request for comment.," reports Bank Info Security.

Similar Compromise

WakeMed while reporting itself to the HHS' Office for Civil Rights for a data compromise by web tracking tech, joined another big healthcare entity in wanting to be proactive with regulators. Midwest Health System "Advocate Aurora Health" reported in October its usage of Pixel as a data breach impacting 3 million individuals. 

FB Pixel and likewise tracking tools are being scrutinized by privacy advocates, lawmakers, and class action attorneys who gave risen concerns over health data privacy in the wake of the Supreme Court's June decision changing the right to an abortion nationwide. 

The tracking pixels, if used in the manner intended, can gather and send considerable information about the user. 

In the case of a patient portal, it can include sensitive health info entered and viewed by patients that in the end get transferred to third parties. Consumer activity tracking used for marketing is not a right fit for the health sector. 

Lawmakers have contacted Meta CEO Mark Zuckerberg and expressed concern over the company's ability to get across its website tracking tools sensitive health information, which includes medial conditions, treating physician names, and appointment dates. 

BankInfo Security said, "Meta also faces at least four other proposed class action lawsuits about to be consolidated in the Northern District of California related to its use of Pixel and the privacy of health data."


Share it:

Breach Notificaton

Cyber Attacks

Healthcare

Meta

Pixel