A major data breach at health insurance giant Blue Shield of California appears to be a case of misconfiguring advertising analytics tools. Between April 2021 and January 2024, Google Analytics was misconfigured causing some personal information and potentially sensitive health data related to claims and searches to be available to Google’s ad network.
Planned Parenthood lab services provider Laboratory Services Cooperative (LSC) has disclosed a data breach that exposed the health data of 1.6 million people after hackers breached its systems.
Oracle Health data breach stemming from a legacy server affected multiple hospitals and healthcare organizations, potentially leaking sensitive patient information.
HealthEquity is notifying 4.3 million individuals of a third-party breach that leaked their personal (PII) and protected health information (PHI) after an unauthorized actor accessed a vendor’s data repository.
The damage tally from the massive MOVEit data breach continues to go up, as a US government contractor is reporting that 8 to 11 million records of health data have been exposed.
Washington’s My Health My Data Act (“MHMDA”) broad scope and definitions will undoubtedly expand its reach to data not normally considered health data and businesses who do not traditionally consider themselves to be health care providers or to be collecting consumer health data.
GoodRX admits no wrongdoing in the settlement, claiming that the health data it shared could not identify an individual user's health condition. The company was found to be sharing data with 20 marketing firms.
Medibank has opted to ignore demands for ransom payments for the recent data breach of about 9.7 million health data records. Criminals have published a fraction of the stolen data on the dark web, including those of high-profile politicians.
Apps handling sensitive health data, including some that interface with labs and other entities covered by HIPAA privacy regulations, were found to be sharing health data with third party trackers that provide cues for targeted Facebook ads.
A third-party platform that has the ability to pull fitness tracking data from nearly all of the major wearable device providers has been breached, leaving about 61 million records exposed.