Novant Health Breach

Novant Health is one of the leading health care providers in North Carolina. It was founded in 1997 and now works with more than 15 different hospitals and over 350 different providers.

What Was the Breach?

Novant Health recently notified its patients of a data privacy event. It appears that patient health information, commonly referred to by the acronym of PHI, was disclosed.

How Did the Breach Occur?

Though it might be hard to believe, reports indicate a pixel was incorrectly configured. Pixels are code pieces used to gauge activity on specific web pages. In short, pixels are used for online tracking purposes.

The improper configuration of the pixel in question permitted the transmission of sensitive data from Novant Health’s site along with the group’s portal for patient services to Meta. It appears as though this seemingly innocent employee oversight is the cause of the breach. The patient portal, referred to as MyChart, was launched as a component of a promotional campaign created during the coronavirus pandemic that links patients with the organization.

When Did This Breach Occur?

The date of this breach is unknown, but estimates are it began in March 2020 and continued beyond that.

Who Does the Breach Impact?

The breach impacts Novant Health customers. However, the healthcare services provider will also pay the price in the form of reputational harm. Furthermore, the fact that Hackers took advantage of Meta's advertisements and tracking pixels used on the Novant Health site is also a blow to Meta's reputation.

How Many Files Does the Breach Affect?

Novant Health did not reveal the exact scope of the breach. It appears as though hackers had access to a significant amount of Novant Health patient data. All in all, Novant Health provides services at 15 hospitals. Estimates indicate hackers might have accessed more than 1.3 million patient records in the attack.