Healthcare Data Breach Exposes 1.3 Million Patients

Do you make use of the “MyChart” portal to refill prescriptions, contact your healthcare providers or make appointments?

If so, you should know that recently, the healthcare giant Novant disclosed a data breach that impacted more than 1.3 million patients.  Impacted patients had their personal information collected by a Meta Pixel ad tracking script.

Meta Pixel, which was formerly known as Facebook Pixel, is a mostly innocuous tracking script used by Facebook advertisers to track the performance of their ads.

According to Novant’s disclosure, the unauthorized access of patient data began in May of 2020 when the company ran a promotional campaign that involved Facebook advertisements.  In a bid to track the effectiveness of those advertisements, Novant utilized the Meta Pixel code.

Unfortunately, the code was not configured correctly on the Novant site, and the company’s “MyChart” portal began transmitting personal information to Meta and its advertising partners.

The patient information that may have been exposed includes:

• Patient Email address
• Patient Phone number
• Patient Emergency contact information
• Appointment type and date
• Patient physician
• Portal menu selections
• IP address
• And any content typed into the “free text” boxes

Unfortunately, the MyChart portal is not a Novant specific technology.  It is utilized by a total of 64 different healthcare service providers around the country. So even if you don’t use Novant to meet your healthcare needs, your personal data may have been compromised due to the misconfiguration of the tracker.

If there’s a silver lining to be found in all of this, it lies in the fact that the company has now identified all  the patients whose data was compromised and has already reached out to them.  If you haven’t received a notification, then you can breathe a sigh of relief as your data was not compromised.