Novant Health, a US-based healthcare provider, has recently disclosed that the private info of more than 1.3 million people was mistakenly gathered by a misconfigured tracking pixel on Facebook.
According to a press release, Novant Health began an ad campaign on Facebook in May 2020 referring patients to its MyChart portal where they could manage virtual medical visits and schedule COVID-19 vaccination appointments.
“The campaign involved Facebook advertisements and a Meta (Facebook parent company) tracking pixel placed on the Novant Health website to help understand the success of those advertisement efforts on Facebook,” the company said. “However, the pixel was configured incorrectly and may have allowed certain private information to be transmitted to Meta from the Novant Health website and MyChart portal.”
Because of this misconfiguration, the protected health information (PHI) of some patients was exposed to Meta and its marketing partners. This includes:
- Email addresses
- Phone numbers
- IP addresses
- Emergency contact information
- Appointment type and date
- Selected physician
- Portal menu selections
- Any content typed into the “free text” boxes
In some cases, the data leak may have exposed Social Security numbers or financial information, but only if the patient had typed it into a text box.
“Immediately upon becoming aware that the pixel had the capability to transmit unintended information to Meta, Novant Health disabled and removed the pixel as a precaution and began an investigation to learn whether, and to what extent, information was transmitted,” the health provider added.
Novant Health told impacted individuals not to worry about the security of their electronic health records as there is no evidence of data misuse from Meta or any of its advertising partners, as Facebook’s Terms and Conditions claim that no sensitive personal data is integrated into their Ad Manager.
The company has also made multiple requests to Meta to purge mistakenly collected user data from its system and is still awaiting a response.
Are you struggling to safeguard your privacy and private information in the data breach pandemic?
Bitdefender offers comprehensive security and privacy plans that cater to all your digital needs, whether you’re looking for a solution to thwart identity theft or an easy way to manage your digital footprint and enhance your online safety.
With Bitdefender Ultimate Security plans (for the US only) you can protect up to 10 devices with award-winning technologies that predict, prevent and remediate new and existing cyberthreats. The all-in-one solution provides unlimited VPN traffic, and the cross-platform Password Manager and identity theft protection features include real-time fraud monitoring, data breach monitoring, credit report monitoring, fraud alerts, credit freeze and lost wallet assistance, and an insurance policy of up to $2 million, depending on your chosen plan.
If you need an easy-to-use tool to help you in cleaning up your digital footprint and avoid privacy threats including account takeovers due to a data breach or leak, check out Bitdefender Digital Identity Protection. Our service shows you the extent of your online presence, helping you find any exposed personal data in legal or illegal collections of data with 24/7 data breach monitoring.