Advocate Aurora Health Exposes Data Of 3M Patients Because Of A Meta Pixel Tracker
Summary Of The Attack
- Advocate Aurora Health, a 26-hospital healthcare system in Wisconsin and Illinois, suffered a data breach that exposed the data of 3 million patients.
- The issue most likely occurred due to an improperly implemented Meta Pixel tracker.
- AAH is currently under investigation by the federal government.
- The official advice to users is to use web browsers’ tracker-blocking features or the browser’s incognito mode when logging in to medical portals.
What Happened?
Advocate Aurora Health (AAH), a 26-hospital healthcare system in Wisconsin and Illinois, is notifying its patients of a data breach that exposed the personal data of 3 million patients. The data leakage happened due to the improper usage of Meta Pixel on Advocate Aurora Health’s websites, where patients could log in and enter sensitive medical and personal information.
What Is A Meta Pixel?
Meta Pixel is an analytical tool that allows you to track your website visitors’ activities.
This tool is known as the Facebook retargeting pixel. It is a snippet of code you can insert into the backend of your website, and it helps drive and decode key performance metrics generated by a particular platform.
The way it works is by loading a small library of functions that you can use whenever a site visitor takes an action that you want to track.
You will also have options to reach those users again through future Facebook ads. It might be quite surprising that a pixel, which is a tiny area on the display screen, can also be used for online advertising.
A tracking pixel is a 1×1 graphic that is loaded each time a person visits a website that has the pixel implemented.
All this data should be encrypted and depersonalized if implemented correctly.
What Was The Impact?
This practice is against the data privacy rules of the United States. Advocate Aurora Health is already under investigation, and its breach is publicly disclosed on the official site of the United States Department.
This could also lead to AAH being heavily penalized via class action lawsuits.
How Did The Data Leak Happen?
Security researchers commenting on the data breach have stated that the main reason for the data breach of 3 million patient records was the poor implementation of the Meta Pixel.
They stated that pixels generally do not collect the level of information that was disclosed in the data breach, which indicates that the implementation must have been done quite poorly, and without the approval of information security teams, for sensitive PHI to be disclosed to third parties.
The initial analysis conducted by Advocate Aurora Health’s investigation team showed data such as:
- IP address.
- Dates and times of scheduled appointments.
- Patient’s medical history.
- Proxy account information.
Advocate Aurora Health’s Response
Advocate Aurora Health has notified patients that the Pixel tracker is currently disabled on all systems and that it has implemented safeguards to prevent something similar from happening again.
However, the damage from the current data breach has already been done, and the data of 3 million patients has already been exposed.
Their official advice to users is to use web browsers’ tracker-blocking features or the browser’s incognito mode when logging in to medical portals.
This should serve as a wake-up call for organizations to comprehend the risk they are undertaking when powering their web applications with tracking tools, especially from third-party vendors.
They are not only exposing their patients’ data but are also putting themselves in a position to face class action lawsuits and fines.
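One way to find this exposure before it ships is to audit the HTML of logged-in pages for the two mechanisms described earlier: the script that loads the pixel's function library and the 1×1 graphic. The Python script below is an added example, not code from the article or from Advocate Aurora Health; the hosts `portal.example.org` and `cdn.example.net`, the pixel id and the sample page are constructed, and the tracker host list is an assumption to extend for other vendors.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the Meta Pixel loads from; extend with other vendors your sites use.
TRACKER_HOSTS = {"connect.facebook.net", "www.facebook.com", "facebook.com"}

class ThirdPartyAudit(HTMLParser):
    """Record external script/img/iframe loads and inline fbq() calls."""
    def __init__(self, first_party_host):
        super().__init__()
        self.first_party, self.findings, self.in_script = first_party_host, [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.in_script = self.in_script or tag == "script"
        if tag not in ("script", "img", "iframe") or not a.get("src"):
            return
        host = urlparse(a["src"]).hostname
        if host is None or host == self.first_party:
            return  # relative or same-origin resource
        kind = "tracker" if host in TRACKER_HOSTS else "third-party"
        if tag == "img" and a.get("width") == "1" and a.get("height") == "1":
            kind = "tracking-pixel"  # the 1x1 graphic the article describes
        self.findings.append((kind, tag, host))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script and "fbq(" in data:  # call into the loaded pixel library
            self.findings.append(("tracker", "inline-script", "fbq() call"))

def audit(html, first_party_host):
    parser = ThirdPartyAudit(first_party_host)
    parser.feed(html)
    parser.close()
    return list(dict.fromkeys(parser.findings))  # de-duplicate, keep order

# Constructed sample of a logged-in portal page (hypothetical hosts and pixel id).
SAMPLE_PAGE = """<html><head>
<script src="/static/portal.js"></script>
<script>fbq('init', '0000000000'); fbq('track', 'PageView');</script>
<script async src="https://connect.facebook.net/en_US/fbevents.js"></script>
</head><body>
<noscript><img height="1" width="1"
  src="https://www.facebook.com/tr?id=0000000000&amp;ev=PageView&amp;noscript=1"/></noscript>
<img src="https://cdn.example.net/logo.png" width="120" height="40">
</body></html>"""
```

Running `audit(SAMPLE_PAGE, "portal.example.org")` in a release check and failing the build on any `tracker` or `tracking-pixel` finding keeps such tags off pages that handle PHI.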