- A data breach has affected almost 5 million health clients of Blue Shield of California
- The cause was a misconfiguration of Google Analytics
- Confidential health information and patient data were exposed
Health insurance firm Blue Shield has revealed that a data breach has exposed the protected health data of more than 4.7 million members.
The information was leaked to Google’s analytics and advertising platforms after a misconfiguration of Google Analytics on Blue Shield sites.
“On February 11, 2025, Blue Shield discovered that, between April 2021 and January 2024, Google Analytics was configured in a way that allowed certain member data to be shared with Google’s advertising product, Google Ads, which probably included protected health information,” the company wrote.
There are no bad actors
Blue Shield insists that Social Security numbers, credit card information and driver’s license numbers were not part of the exposure, but the compromised information includes the insurance plan name, type and group number; postal code, gender, family size, medical claim service and service provider, patient name and patient’s financial responsibility.
Once the connection between Google Analytics and Google Ads on the website was cut in January 2024, Blue Shield says that “there is no reason to believe that any member data were shared.”
After discovering the problem, Blue Shield says that it immediately reviewed its websites and security protocols, and has put safeguards in place to protect against similar attacks in the future.
“Google may have used these data to carry out advertising campaigns focused on you. We want to assure you that there is no bad actor involved and, as far as we know, Google has not used your information for any purpose other than these ads or shared your protected information with anyone,” the notice confirms.
Anyone who thinks they may be affected should be extra vigilant, change their passwords and closely monitor their accounts.
In particular, watch for unexpected emails that claim to come from a medical or health-related address, and never click a link from anyone you do not trust 100%.
We have written a guide on how a data breach could affect you and what your next steps should be.