Connect with us

Hi, what are you looking for?

Cyber Security

Healthcare provider Novant issues data breach warning after site tracking pixels sent patients’ information to Meta servers

Novant Health, a US healthcare provider, is warning patients of a potential data breach resulting from an incorrect configuration of an online tracking tool from the company behind Facebook.

Novant, which operates more than 50 healthcare facilities across North Carolina, said it placed a snippet of JavaScript code on its website as part of a promotional campaign during the early stages of the coronavirus pandemic.

The code was for Meta Pixel, a digital tracking tool that can be used by organizations to help them gauge the success of Facebook marketing campaigns.

However, the tracking pixel in question was “configured incorrectly and may have allowed certain private information to be transmitted to Meta” from the Novant Health website and patient portal, the company said.

Losing track

In a recent privacy statement, Novant Health said that it removed the pixel as soon as it discovered that it had the capability to transmit information to Meta.

Upon further investigation, the healthcare provider said that, depending on a user’s activity within the Novant Health website and MyChart portal, the leaked data could include email address, phone number, computer IP address, and healthcare appointment information.

“The information did not include Social Security numbers or other financial information unless it was typed into a free text box by the user,” Novant said.

The company said it has mailed letters to “some patients” following the discovery of the pixel misconfiguration. According to local press reports, more than 1.3 million individuals have been notified.

Patients at Novant’s New Hanover Regional Medical Center are not impacted. The incident, however, may affect other individuals who aren’t registered Novant Health patients but received a Covid-19 vaccine at a Novant facility.

“Based on our investigation, we do not have any evidence that this information was acted on by Meta or any other third party,” Novant said.

“We also have implemented more structure, governance, and policies around the use of pixels and promise that we will take appropriate actions to ensure that this does not happen again.”

Source: https://portswigger.net/daily-swig/healthcare-provider-novant-issues-data-breach-warning-after-site-tracking-pixels-sent-patients-information-to-meta-servers

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Cyber Security

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe...

Cyber Security

The well-known watch manufacturing company Seiko disclosed the data breach notification recently on Aug 2023, targeted by the notorious threat group BlackCat/ALPHV. BlackCat/ALPHV Group has been...

Cyber Security

Privileged users typically hold crucial positions within organizations. They usually have elevated access, authority, and permission levels in the organization’s IT systems, networks, applications,...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO