Millions are affected by the Advocate Aurora Health Care breach.

Patients at Advocate Aurora Health were notified that their health information may have been compromised due to tracking technology.

The breach against the health system, which is one of the largest healthcare providers in the Chicago area, could have affected up to 3 million patients.

Advocate Aurora explained on its website that certain interactions on the provider’s website were leaked due to the use of internet tracking technologies. Technologies from companies such as Google and Facebook’s parent company Meta place pieces of code known as pixels on specific websites and applications.

“These pixels or similar technologies were designed to gather information that we review in aggregate so that we can better understand patient needs and preferences to provide needed care to our patient population,” the health system said in the online statement. “We learned that pixels or similar technologies installed on our patient portals available through MyChart and LiveWell websites and applications, as well as on some of our scheduling widgets, transmitted certain patient information to the third-party vendors that provided us with the pixel technology.”
The health system stated that the pixels have been disabled and/or removed from its platforms, and that an internal investigation has been launched to better understand what patient information was transmitted to third-party vendors.

“Out of an abundance of caution, Advocate Aurora Health has decided to assume that all patients with an Advocate Aurora Health MyChart account (including users of the LiveWell application), as well as any patients who used scheduling widgets on Advocate Aurora Health’s platforms, may have been affected,” Advocate Aurora Health officials wrote in the statement.

How Did the Attack Take Place?

Advocate Aurora has not yet disclosed the cause of the data breach. However, it removed all pixels—software that uses gathered data to find targeted ads—from its website. “These pixels would be very unlikely to result in identity theft or any financial harm, and we have no evidence of misuse or incidents of fraud resulting from this incident,” Advocate says in a statement.

What data was viewed or stolen?

“IP address; dates, times, and/or locations of scheduled appointments; your proximity to an Advocate Aurora Health location; information about your provider; type of appointment or procedure; communications between you and others through MyChart, which may have included your first and last name and your medical record number; information about whether you had insurance; and, if you had a proxy MyChart account, your first name and the first initial of the first initial of the first initial of the first initial of the first initial of the first initial of the first initial Advocate Aurora Health stated unequivocally that the investigation found no evidence of social security numbers or financial information being involved in the data leak.

How Did the Advocate Acknowledge the Breach?

A notice about the incident was published on Advocate Aurora’s website. In the statement, it was stated that “out of an abundance of caution, Advocate Aurora Health has decided to assume that all patients with an Advocate Aurora Health MyChart account (including users of the LiveWell application) as well as any patients who used scheduling widgets on Advocate Aurora Health’s platforms may have been affected.”

What Will Happen to the Stolen Data?

It would be naïve to presume that the breach would have no consequences given the volume of information. This is still a hacker’s fantasy even though no social security numbers or bank information were impacted. The hacker can easily stalk, harass, or abduct a victim because they have access to their addresses. Additionally, they have names, which makes it even simpler for the hacker to learn more about them. If the hacker is good enough, they might even be able to take your insurance. They might take your prescriptions or utilize your insurance.

What Actions Should Affected Parties Take Following the Breach?

Victims can take a variety of precautions to safeguard themselves following the incident. Software has been specifically designed for circumstances like this. They can surf the dark web or other risky and unapproved websites, as well as search your device for malware and other undesirable software. These checks assist in making sure that your information is not compromised in any way and alert you if it is. No system is perfect, as usual, but these actions will be quite beneficial to you.

Reference: idstrong &  fiercehealthcare