Advocate Aurora Health Exposes Data Of 3M Patients Because Of A Meta Pixel Tracker

Contents

Summary Of The Attack

  • Advocate Aurora Health, which is a 26-hospital healthcare system in Wisconsin and Illinois suffered a data breach that exposed the data of 3 million patients.
  • The issue most likely occurred due to an improperly implemented Meta Pixel tracker.
  • AAh is currently under investigation by the federal government.
  • The official advice to the users is to use web browsers’ trackers-blocking features or to use the incognito mode of the browser when logging in on medical portals.
.

What Happened?

Advocate Aurora Health, AAH, a 26-hospital healthcare system in Wisconsin and Illinois, is notifying its patients of a data breach that exposed the personal data of 3 million patients. The data leakage happened due to the improper usage of Meta Pixel on Advocate Aurora Health’s websites, where patients could log in and enter sensitive medical and personal information.

What Is A Meta Pixel?

Meta Pixel is an analytical tool that allows you to track your website visitors’ activities.

This tool is known as the Facebook retargeting pixel, which is a snippet of code you can insert into the backend of your website and it helps drive and decode key performance metrics generated by a particular platform.

The way it works is by loading a small library of functions that you can use whenever a site visitor takes an action that you want to track.

You will also have options to reach those users again through future Facebook ads. It might be quite surprising that a pixel which is a tiny area on the display screen can also be used for online advertising.

A tracking pixel is a 1×1 graphic that is loaded each time a person checks the website that has the pixel implemented.

All this data should be encrypted and depersonalized if implemented correctly.

What Was The Impact?

This practice is against the data privacy rules of the United States and Aurora Advocate Health is already under investigation and its breach is publicly disclosed on the official site of the United States Department.

This could also lead to AAH being heavily penalized via class action lawsuits.

Free Security Policy Templates

Get a step ahead of your cybersecurity goals with our comprehensive templates.

IT Security Policy Templates

How Did The Data Leak Happen?

Security researchers commenting on the data breach have stated that the main reason for the data breach of 3 million patient records was the poor implementation of the Meta Pixel.

They stated that generally, pixels do not collect the level of information that was disclosed in the data breach which indicates that the implementation must have been done quite