California’s Blue Shield Health Insurance Giant alerts millions of people of a data breach. The company confirmed on Wednesday that it has shared private information on the health of patients with Google Technological and Advertising Giants from 2021.
Insurer said That the data sharing was stopped in January 2024, but only learned in February that the collection of years containing personal and sensitive health information.
Blue Shield said it used Google Analytics to monitor how its customers used its websites, but an incorrect configuration had allowed the collection of personal and health information, such as the search terms used by patients on its website to find health care providers.
The insurance giant said Google “may have used this data to carry out focused advertising campaigns back to these individual members”.
Blue Shield said the data collected also included names of insurance plans, types and groups, along with personal information such as the city, the postal code, gender and size of the patient’s family. Details on the number of members with blue shield, service dates and service providers, patient names and patient financial responsibility.
Per α Legally required disclosure With the US Department of Health, California’s Blue Shield said it alerts 4.7 million people affected by violation. Violation is considered to affect the majority of its customers. Blue Shield had 4.5 million members by 2022.
It is not immediately clear whether Blue Shield asked Google to delete the data or whether Google has complied. Blue Shield and Google representatives did not respond immediately to comments.
Blue Shield is the latest healthcare company to fish from the use of internet monitoring technologies. Online trackers are small code excerpts, often provided by technological giants designed to collect customer browser information, are incorporated into mobile applications and sites. Technology and social media companies are usually the sources of these trackers, as they are based on advertising data and to drive most of their revenue.
Last year, the US Health Insurance Giant Kaiser informed more than 13 million people that it has shared the data of advertisers with advertisers such as Google, Microsoft and X, after integrating the monitoring code on its website.
Several other emerging healthcare companies, including the start of mental health, monument and tempest of brain recovery and alcohol recovery, have revealed past violations related to the exchange of personal information and health information of patients with advertising companies.
The violation of Blue Shield, California, is today as the largest data violation associated with 2025 healthcare so far, according to the US Department of Health’s Civil Rights Office.
