data breach, cyber security, hacking,

A patient affected by a data breach at Advocate Aurora Health is suing the health care system in a class action lawsuit, claiming he shared his private information with Facebook in a breach that could have affected three million patients.

The patient claims that the patient portal he used to communicate with his doctors at Advocate Aurora and to schedule appointments used a split code that also allows logging in via Facebook and then sharing the data with Facebook.

“When a patient uses the Advocate sites and apps, including its LiveWell portal, Advocate and Facebook intercepts, it simultaneously causes the patient’s personal information and protected health information to be transferred and used without the patients’ knowledge, consent or authorization,” Alistair Stewart said in his complaint. Filed in Northern Illinois District Court last week.

The case comes shortly after Advocate Aurora, based in Wisconsin and Illinois, released a file Statement on October 21 On its website it reports a data breach. To fix the breach, the hospital system has disabled the “pixel system”. The health care system also said it had launched an internal investigation to understand the leaked patient information.

In his complaint claiming class action status for all affected by the breach, Stewart claims that the health care system and Facebook knew that personal information was not protected, in violation of HIPAA. Stewart claims that the way in which “pixels” technology works, which allows third-party vendors to track patient browsing trends, shows Advocate Aurora’s lack of data security for its patients.

“At all relevant times, the attorney and Facebook knew that the Meta Pixel had intercepted and disclosed the patient’s personal and protected health information,” Stewart said in the complaint. This has been demonstrated, among other things, by the functionality of Pixel, including that it enabled Advocate’s LiveWell portal to serve targeted ads to its digital subscribers based on products that those digital subscribers had previously viewed on the website, including some medical tests or “Procedures, for which the lawyer received a monetary reward.”

A data breach could affect 3 million patients, according to the Health and Human Services. List of cases under investigation.

In Advocate’s press release on October 21, the health care system said a variety of sensitive patient information had been compromised. This included the type of appointment or procedure the patient had, communications between patients and doctors made on MyChart, medical record numbers, information about the patient’s insurance status, and more.

HHS’s list of ongoing investigations into health care data breaches shows how widespread the problem is, with new data breaches being reported nearly every day, and in a number of states. Although the Advocate data breach was the largest in terms of number of patients affected in the last month, several other data breaches in the past few weeks have affected hundreds of thousands of people.

For example, in North Carolina, a data breach at WakeMed Health and Hospitals affecting nearly 500,000 people was reported on the same day as the Advocate data breach. At Keystone Health in Pennsylvania, a data breach over the past month affected more than 235,000 people.

Advocate Aurora Health and Meta did not immediately respond to requests for comment.

Photo: JuSun, Getty Images

Leave a Reply