Novant Health is one of the leading health care providers in North Carolina. It was founded in 1997 and now works with more than 15 different hospitals and over 350 different providers.
Novant Health recently notified its patients of a data privacy event. It appears that patient health information, commonly referred to by the acronym of PHI, was disclosed.
Though it might be hard to believe, reports indicate a pixel was incorrectly configured. Pixels are code pieces used to gauge activity on specific web pages. In short, pixels are used for online tracking purposes.
The improper configuration of the pixel in question permitted the transmission of sensitive data from Novant Health’s site along with the group’s portal for patient services to Meta. It appears as though this seemingly innocent employee oversight is the cause of the breach. The patient portal, referred to as MyChart, was launched as a component of a promotional campaign created during the coronavirus pandemic that links patients with the organization.
The date of this breach is unknown, but estimates are it began in March 2020 and continued beyond that.
The breach impacts Novant Health customers. However, the healthcare services provider will also pay the price in the form of reputational harm. Furthermore, the fact that Hackers took advantage of Meta's advertisements and tracking pixels used on the Novant Health site is also a blow to Meta's reputation.
Novant Health did not reveal the exact scope of the breach. It appears as though hackers had access to a significant amount of Novant Health patient data. All in all, Novant Health provides services at 15 hospitals. Estimates indicate hackers might have accessed more than 1.3 million patient records in the attack.