“The Register” had this article today about an Advocate Aurora Health leak. Apparently, the “tracker” on MyChart sent data to slurping third parties.
“It’s now determined that code – known also as trackers or pixels because they may be loaded onto pages as invisible single pixels – may have sent personal info from the pages patients had open to those providing the trackers, such as Facebook or Google.”
I mention this because an article appeared locally on October 18th about a very large Medical Center here doing the same thing with their “pixel” on MyChart. Anyone who logged into their MyChart account or scheduled an appointment on that entity’s website between March 2018 and May 2022 had their data–including medical information–sent to Meta. (I am not going to post the link, because it is local.)
It also pleads “misconfiguration,” but it has really just become cost of doing business, at least in the US. There is no teeth to punishment if there is any. “We take security and privacy seriously. We are unaware of misuse. Blah blah.” So much for HIPAA.