Healthcare security breach: 3 million patients exposed thanks to Facebook tracker

hacker looking at medical records
© Vchalup | Dreamstime.com

The internet has given us 24/7 access to unlimited information, but it’s come at a price. The danger from scammers and hackers is never far away, but they’re not the only ones you have to worry about.

Legitimate companies track you from one website to another, building an online profile of you, selling your data and targeting you with ads. Fortunately, Apple fans can quickly put a stop to this. Tap or click here to prevent cross-site tracking on your iPhone, iPad and Mac.

A healthcare system was recently involved in a data breach, exposing the medical records of millions of people. And Facebook is to blame for the whole fiasco. We’ll show you why and what you can do about it.

Here’s the backstory

Like countless other organizations, Advocate Aurora Health (AAH) tracks people’s actions on its websites. AAH states that this is done to understand patient needs and preferences better to provide needed care to its patient population.

AAH uses pixel technology to accomplish this goal on its MyChart and LiveWell websites and applications and its scheduling widgets. Pixels are pieces of code that website developers can add to their site that lets them track Facebook users.

Companies can also see when customers act after seeing their ads on Facebook and Instagram. All that data is shared with Facebook to use for its own purposes.

AAH recently announced a data breach wherein the personal data of millions of patients was transmitted to the third parties that provided the pixel technology, namely Facebook and Google. According to the Department of Health, 3 million people were affected by the breach.

If you’re part of AAH, the following information may have been leaked:

  • Your IP address.
  • Dates, times and/or locations of scheduled appointments.
  • Your proximity to an AAH location.
  • Information about your provider.
  • Types of appointments and procedures.
  • Your MyChart communications, which may include your name and medical record number.
  • Information about your insurance.
  • If you had a proxy My Chart account, your first name and the name of your proxy.

AAH launched an internal investigation and says that no Social Security number, financial account, credit card or debit card information was leaked.

The organization suggests ordering a free credit report and placing a fraud alert on your credit file. You should also keep an eye out for suspicious activity on your accounts. Tap or click here for ways to get your credit report for free.

Both MyChart and LiveWell have active Meta Pixel data trackers. AAH has disabled or removed the pixels from its platforms.

RELATED: A hacker’s secret weapon: Your reused passwords – Why now is the time to stop this bad practice

Not all breaches are created equal

Data breaches happen all too often, and the level of information involved can vary. Sometimes it’s just your username. Other times it’s more serious such as your financial credentials or Social Security number. In this case, it’s medical information.

What’s more, we learned your medical information is being shared with third parties. This is outrageous and unacceptable. But you can do something about it regarding Facebook, at least.

Change your Facebook privacy settings

If you have a Facebook account, review your privacy settings. When you visit a website or use an app, it may share your data with Facebook. This is used for targeted advertising and suggestions on the Facebook platform. You can review, delete and disable this setting.

Manage off Facebook activity on your computer

  • Click the down arrow or your profile in the top-right of Facebook.
  • Select Settings & Privacy > Settings.
  • Click Privacy and then Your Facebook Information from the left column.
  • Select Off-Facebook Activity to review.
  • Click Clear Previous Activity to delete your history so far.
  • Click Disconnect Future Activity, then toggle off Future Facebook Activity.
  • Confirm your choice and you’re done.

Manage off Facebook activity on mobile

  • Tap the three-line menu in the bottom right of the Facebook app.
  • Select Settings or the gear icon.
  • Scroll down and select Off-Facebook activity.
  • Tap Clear History.
  • Tap Disconnect Future Activity, then toggle off Future Off-Facebook Activity.
  • Tap Turn off to confirm your choice.

There are lots of Facebook privacy settings you should review beyond this. Tap or click here for 10 Facebook privacy and security settings you need to change right now.

Drop Facebook for good

If you really want to take back your privacy from Meta, delete your Facebook account. But before you do so, download your photos, videos and any other data you may want. Tap or click here for our guide on getting your stuff off Facebook.

Ready to say goodbye to Facebook for good? Here’s how to do it from your computer.

  • Log into Facebook and click the downward-facing arrow in the top-right.
  • Go to Settings & Privacy > Settings.
  • Select Your Facebook Information in the left column.
  • Click Deactivation and deletion.
  • Select Delete account, then Continue to account deletion.
  • Click Delete account and enter your password, then click Continue.

You have 30 days to change your mind about deleting your account. After that time passes, you can’t take it back. To cancel the deletion process, log in to your Facebook account and click Cancel Deletion.

Keep reading

Genealogy site data breach: See if your info was leaked

Scam alert: 5 most costly data breaches (plus 5 states most targeted)

Tags: Apple, Apple iPad, Apple iPhone, Apple Mac, breaches, Facebook, hackers, healthcare, Instagram, internet, medical records, scammers, security