Blue Shield exposed 4.7 million patients’ health data to Google

Possibly, medical care institutes and insurers collect the most confidential information about you, including IDs, contact data, addresses and medical records. But they often do not put the same level of effort to protect that data.

That is clear about the growing number of medical care data violations that we have seen recently. In most cases, a bad actor was involved.

But in the last news, the Giant of Health Insurance Blue Shield of California confirmed that he had been sharing private health data or 4.7 million users with Google for three years without even realizing.

Stay protected and informed! Get security alerts and expert technology advice: register in the Kurt Cyberguy report now

A person who does a search on Google (Kurt “Cyberguy” Knutsson))

What you need to know

Blue Shield of California has just admitted an important data privacy slip that occurred for almost three years, from April 2021 to January 2024. He was using Google Analytics to track how people used their member websites. This is totally normal since each business does. But the tool was accidentally sharing confidential information with Google’s ads because it was configured correctly.

What I find extremely shocking is that it touched the company three years to realize that it was sharing its user data with Google to run ads. This says a lot about how much do these health giants care about protecting their data.

Shared data included a wide range of protected health information (PHI), including names, postal codes, gender, medical claims dates, online account numbers, insurance plans names, group numbers, family data and even search criteria used in your “funeral”.

“Google may have used use data to perform advertising campaigns made to these individual members. We want to assure our members that there was no bad actor involved and, as far as we know, Google has not used the Prosse thesis company. He said on a warning on his website.

This incident is not isolated. Around the last years, medical care and technology companies have been subject to similar false steps. The Federal Commerce Commission (FTC) and the Department of Health and Human Services (HHS) have already issued warnings about the use of monitoring technologies in medical care, especially those that could exposure to the data SAFDAR of data.

A Google spokesman provided the following comment to Cyberguy when asked about the violation of Blue Shield data:

“Companies, not in Google, manage the data that collect and should inform users about their collection and use. By default, any data sent to Google Analytics for measurement does not identify people, and we have strict policies against the collection of private health information.”

A person working on his laptop (Kurt “Cyberguy” Knutsson)

Malware exposes 3.9 billion passwords in a great threat of cybersecurity

Impact on patients and industry

Since the data were only shared with Google and not any other part, the general risk is relatively low, separated from the clear violation of privacy. It is very unlikely that someone else gets access to it, so data chancs are badly used are intelligent. Google says that it does not allow advertisements to be delivered in confidential information such as health, so there are many possibilities that their data is not even used for advertising.

The Blue Shield case follows a chain of similar infractions. Companies such as Goodrx, Betterhelp and Kaiser have faced regulatory and legal consequences to share confidential users data with advertising suppliers. Some were also established for millions of dollars. Despite the risks, many medical care organizations have continued using these tools due to the lack of clear regulatory railings, a situation even more for a ruling of the Federal Court that blocked the Biden administration attempts to stop the use of online trackers in medical care environments.

What is artificial intelligence (AI)?

A person working on a laptop (Kurt “Cyberguy” Knutsson)

How to delete your private Internet data

How to protect your online health data

The Blue Shield of California incident is a reminder that equally known medical care providers can confirm confidential data. While you can’t always control what happens behind the scene, there are Steps you can take to reduce your exposure and protect your privacy:

1. Limit what you share in health portals: Avoid entering more personal details of what is absolutely necessary on insurance or suppliers websites. Tools such as “Finding a doctor” can record your search terms, so keep vague tickets when possible.

2. Use privacy -centered browsers: Browsers as well or Firefox Offer incorporated privacy protections, such as blocking third -party trackers that could expose health -related navigation activity.

3. Turn off the customization of the ad: Visit Google Ads Configuration and disable advertisement customization. This won to stop tracking, but can reduce the way in which your guidance data is used.

4. He chooses not to follow the monitoring whenever possible: Many medical care sites use cookies and monitoring tools. Choose “reject everything” or the strictest privacy settings in cookbaches. If there is an available monitoring exclusion tool, use it.

5. Read privacy policies (yes, really): Look for a language like “Share Third Parties”, “Advertising” or “Analysis”. If a medical care provider mentions tools such as Google Analytics or Meta Pixel, that is a signal to proceed with caution.

6. Monitor your accounts and credit: Be attentive to unusual insurance claims or medical charges. Configure credit alerts or monitoring services if your supplier sacrifices them, especially after a violation.

7. Ask questions: Call or send an email to your medical care supplier or insurer. Ask what follow -up tools they use and how they protect your data. The more consumers drive transparency, the more pressure there is to improve the standards.

Get the Fox business on the fly by clicking here

Bonus privacy steps (for additional tranquility)

If you want to go beyond the basics, here there are some additional steps that can help reduce your fingerprint and contract early misuse:

Use a personal data disposal service: While no service can guarantee the complete elimination of your Internet data, a data removal service is really an intelligent option. They are not cheap, and Neith is your privacy. These services do all the work for you through the monitoring of activities and systematically deleting your personal information from hundreds of websites. It is what gives me peace of mind and has proven to be the most effective way to erase your personal internet data. By limiting the available information, it reduces the risk of cross -references data of infractions with information they can find in the dark network, which makes it difficult to be pointed out. Check out my best selections to obtain dates elimination services here.

Consider identity theft protection services: If you are concerned about fraud or medical identity theft, you will want to consider the use of identity theft protection services. Identity theft companies can monitor personal information such as their social security number, telephone number and email address and alert it if it is sold on the dark website or used to open an account. They can also help you freeze your bank and credit card accounts to the prevention of unauthorized use of criminals.

Use strong antivirus software: To protect against malware or phishing attacks that could compromise access to their online health accounts, be sure to use solid antivirus software. The best way to safeguard the malicious links that install malware, potentially accessing their private information, is to have an antivirus software installed on all its devices. This protection can also alert it to the PHISHING Electronic Correos and Ransomware scams, maintaining their personal information and their safe digital assets. Get my elections for the best antivirus protection winners 2025 for your Windows, Mac, Android and iOS devices.

Kurt key takeway

I be confined to how careless are the majority of colleagues when it comes to protecting user data. Blue Shield “By mistake” shared his data with Google, which are used to show personalized ads. The company took three years to realize this. While most cyber incidents involve an attacker, this violation did not need one. We need responsibility in data practices, especially when human error or technological supervision can cause scale damage.

Click here to get the Fox News application

How comfortable is it that you know that your health data can be used to direct advertisements? Get us knowing in Cyberguy.com/contact

To obtain more technological tips and safety alerts, subscribe to my free Cyberguy Report newsletter when you head Cyberguy.com/newsletter

Ask Kurt a question or let us know what stories we would like to cover

Follow Kurt in his social channels

Answers to Cyberguys most facts:

New Kurt:

Kurt “Cyberguy” Knutsson is an award -winning technological journalist who has a deep love for technology, team and devices that improve life with their contributions for Fox News & Fox Business that begins in “Fox & Friends”. Do you have a technological question? Get the free Kurt’s free newsletter, share your voice, an idea of the story or comment on Cyberguy.com.

How cuts at the National Institutes of Health could impact Americans’ health

Japan’s population is shrinking. Here’s what it means – and what some are doing about it.

Trump’s ‘America First’ might leave the U.S. behind

Scientists fear Trump administration cuts to NIH could impact the health of Americans for generations

Recently surfaced 9/11 evidence was not shared with FBI field agents or top intelligence officials

Bill Owens, executive producer of 60 Minutes, resigns

USA

Business

Sports

Health