Meta Pixel Breach Has Hospitals Spinning
Table of Contents
- By Steven
- Nov 08, 2022
Meta Pixel is a targeted ad platform that has been growing in popularity in recent years. In mid-September 2022, we reported a breach to multiple hospitals across the US, many of which were the biggest names in medicine. Now, we're finding out that the repercussions of the Meta Pixel leak are having a much more significant effect than we thought.
How Did the Leaks Occur?
The data leaks occurred when Meta Pixel, which has the same parent company as Facebook, began sending the data it acquired from hospital websites to Facebook to create targeted ad campaigns. The hospitals affected have been coming more to light over time, and the list has changed. Instead of only some of the top hospitals in the country being under fire for this ill-conceived partnership, many hospitals are being breached and hacked due to the leaked information.
What Hospitals Had Information Viewed or Stolen?
The list of affected hospitals seems to be constantly growing. Some of the most notable names in medicine ended up on the list of affected and hacked companies, which we're sure they never wanted. The initial list of affected hospitals is listed on The Markup. Recent investigation has shown that WakeMed Health and Hospitals and Advocate Aurora Health are being sued due to the Meta Pixel leak.
How Did the Hospitals Admit to the Breach?
The hospitals did not formally announce the data breach until The Markup reached them for comment. The Markup discovered the breach when it began investigating certain US hospitals. During the investigation, it booked an appointment using the keyword "pregnancy termination" and found that the data was sent to Facebook and used to create targeted ads. The data exchange was done without patient consent, resulting in HIPAA violations. WakeMed and Advocate are targeted by a class action lawsuit following the impermissible disclosure of confidential patient information. The lawsuit states, "Whenever a patient uses Advocate's websites and applications, including its LiveWell portal, Advocate and Facebook intercept, contemporaneously cause transmission of, and use personally identifiable patient information and PHI without patients' knowledge, consent, or authorization."
What Will Become of the Stolen Information?
The stolen information is incredibly sensitive, meaning the victims are at extremely high risk of things like phishing scams, identity theft, kidnapping, and other nefarious acts. The data leaked included all of the appointment information, including reason, location, diagnosis, and all other data that was input by the patient.
What Should Affected Parties Do in the Aftermath of the Breach?
In the aftermath of the data breach, anyone affected should research the class action lawsuit. Some software titles are made for situations like this and will monitor your data, so you don't have to. It's as simple as installing something on your computer. It would also be lucrative to add a password manager on your device and change your hospital website password because we need to know precisely what information was affected.