Healthcare insurer Blue Protect of California has notified 4.7 million people of a possible knowledge breach after unknowingly sharing sufferers’ protected well being data with Google since 2021.
“On February 11, 2025, Blue Protect found that, between April 2021 and January 2024, Google Analytics was configured in a manner that allowed sure member knowledge to be shared with Google’s promoting product, Google Advertisements, that doubtless included protected well being data,” Blue Protect stated in its discover.
“Google could have used this knowledge to conduct centered advert campaigns again to these particular person members. We wish to reassure our members that no unhealthy actor was concerned, and, to our data, Google has not used the knowledge for any function apart from these adverts or shared the protected data with anybody.”
Blue Protect used Google Analytics to trace members’ use of sure Blue Protect web sites. It stated it “severed the connection” to Google Advertisements and Google Analytics in January 2024, a 12 months earlier than it realized of the years-long knowledge assortment.
The well being insurer stated the knowledge which will have been impacted contains one’s insurance coverage plan title, sort and group quantity, in addition to private particulars like affected person title, gender, location, household measurement and affected person monetary duty.
Blue Protect-generated distinctive IDs for members’ on-line accounts, data associated to medical declare service dates and suppliers, and search inputs and outcomes from the “Discover a Physician” characteristic had been additionally shared.
The well being insurer stated Social Safety numbers, driver’s license numbers, and banking or bank card data weren’t disclosed.
Blue Protect filed a legally required disclosure with the U.S. Division of Well being and Human Companies on April 9, stating that 4.7 million people had been affected by the breach. As of final 12 months, the corporate reported having 4.8 million members.
THE LARGER TREND
Verizon launched its 2025 Knowledge Breach Investigations Report this week, which revealed that healthcare stays a favourite goal of attackers.
One other firm that skilled a knowledge breach is multinational pc know-how firm Oracle, which has skilled two separate knowledge breaches in current months, one affecting Oracle Well being clients and one other stated to have resulted from an exploit focusing on Oracle Cloud login servers.
Final month, Yale New Haven reported a cybersecurity incident by which risk actors stole private knowledge of 5.5 million sufferers. The cyberattack triggered IT system disruptions however didn’t have an effect on affected person care.
In 2024, Change Healthcare, a software program and knowledge analytics vendor that gives income cycle administration, medical resolution assist and different operations instruments, introduced it took its methods offline attributable to a cyberattack.
The corporate, which handles claims for tons of of hundreds of physicians, pharmacies and different suppliers and processes numbering round 15 billion transactions yearly, was struck by BlackCat ransomware, leaving its operations basically debilitated.
