Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Paul Chambers🚧 (paul@oldfriends.live)'s status on Sunday, 27-Apr-2025 19:08:08 JST Paul Chambers🚧

For years, I have filed a HIPPA complaint with the privacy office of every website I go to that has a Google Analytics tag that serves my protected health information, like my doctor, MyChart, labs, pharmacies, home health, case management etc. I get brushed off. It just makes me uncomfortable.
🔗 'Read the Manual': Misconfigured Google Analytics Led to a Data Breach Affecting 4.7M
Personal health information on 4.7 million Blue Shield California subscribers was unintentionally shared between Google #Analytics and Google #Ads between April 2021 and January 2025 due to a misconfiguration error.
#hippa #Privacy #GoogleAds #Google #MedMastodon
https://it.slashdot.org/story/25/04/26/2042230/read-the-manual-misconfigured-google-analytics-led-to-a-data-breach-affecting-47m
🔗 BCBS NOTICE OF DATA BREACH: https://news.blueshieldca.com/notice-of-data-breach
"On February 11, 2025, Blue Shield discovered that, between April 2021 and January 2024, Google Analytics was configured in a way that allowed certain member data to be shared with Google’s advertising product, Google Ads, that likely included protected health information. Google may have used this data to conduct focused ad campaigns back to those individual members. We want to reassure our members that no bad actor was involved, and, to our knowledge, Google has not used the information for any purpose other than these ads or shared the protected information with anyone."
In conversation about 15 days ago from oldfriends.live permalink
Attachments
1. Like other health plans, Blue Shield historically used the third-party vendor service, Google Analytics, to internally track website usage of members who entered certain Blue Shield sites. We were doing this to improve the services we provide to our members. On February 11, 2025, Blue Shield discovered that, between April 2021 and January 2024, Google Analytics was configured in a way that allowed certain member data to be shared with Google’s advertising product, Google Ads, that likely included protected health information. Google may have used this data to conduct focused ad campaigns back to those individual members. We want to reassure our members that no bad actor was involved, and, to our knowledge, Google has not used the information for any purpose other than these ads or shared the protected information with anyone. Blue Shield severed the connection between Google Analytics and Google Ads on its websites in January 2024. We have no reason to believe that any member data has been shared from Blue Shield’s websites with Google after the connection was severed. Upon discovering the issue, Blue Shield immediately initiated a review of its websites and security protocols to ensure that no other analytics tracking software is impermissibly sharing members’ protected health information.
  https://media.oldfriends.live/oldfriends/media_attachments/files/114/406/626/663/085/457/original/443771552faf1d85.png
2. Domain not in remote thumbnail source whitelist: a.fsdn.com
  
  'Read the Manual': Misconfigured Google Analytics Led to a Data Breach Affecting 4.7M - Slashdot
  
  Slashdot reader itwbennett writes: Personal health information on 4.7 million Blue Shield California subscribers was unintentionally shared between Google Analytics and Google Ads between April 2021 and January 2025 due to a misconfiguration error. Security consultant and SANS Institute instructor B...
3. Domain not in remote thumbnail source whitelist: news.blueshieldca.com
  
  Notice of Data Breach
  
  from Blue Shield of California | News Center
  
  Notice of Data Breach Blue Shield of California has begun notifying certain members of a potential data breach that may have included elements of their protected health information. Due to the complexity and scope of the disclosures, Blue Shield is...

Feeds