Close Menu
Login/Register
Technology

Blue Shield exposed 4.7 million patients’ health data to Google

No Comments8 Mins Read
3 blue shield of california leaks 4.7 million members protected health data outro.jpg

Healthcare providers and insurance companies will undoubtedly collect the most sensitive information about you, including your ID, contact details, address, and medical records. But they often don’t make the same level of effort to protect that data.

This is evident from the recent increase in healthcare data breaches. In most of these cases, bad actors were involved.

However, the latest news confirmed that California health insurance giant Blue Shield had been sharing private health data with Google for three years without realizing it.

Be protected and provide information! Get security alerts and expert technical tips – Sign up for The CyberGuy Report in Cart now

People who do Google searches (Kurt “Cyberguy” Knutsson))

What you need to know

California’s Blue Shield has just recognized a major data privacy slip that lasted almost three years from April 2021 to January 2024. I used Google Analytics to track how people used member websites. This is perfectly normal as all businesses do it. However, the tool was not set up properly, causing it to incorrectly share incorrect information with Google Ads.

What I find very shocking is that it took me three years to realize that the company was sharing user data with Google to run ads. This says a lot about how interested these healthcare giants are in protecting your data.

The shared data included a wide range of protected health information (PHI), including name, ZIP code, gender, medical billing date, online account number, insurance plan name, group number, family data, and even search criteria used in the “Doctor Find” feature.

“It is possible that Google used this data to run a focused ad campaign on those individual members. We want to reassure members that no bad actors are involved. To our knowledge, Google has not used the information for any purpose other than these ads or shares protected information with anyone.” It stated in the notice on the website.

This incident is not quarantined. Over the past few years, healthcare and tech companies have been scrutinized for similar failures. The Federal Trade Commission (FTC) and the Department of Health and Human Services (HHS) have already issued warnings regarding the use of tracking technologies in healthcare, particularly those that could make patient data public to third parties without appropriate transparency or safety measures.

A Google spokesman provided the following comment to Cyberguy when asked about the Blue Shield data breach:

“But not Google, businesses need to manage the data they collect and notify users about its collection and use. By default, data sent to Google Analytics for measurement is not personally identifiable and there is a strict policy against advertising based on private health information (PHI) or sensitive information.”

People who type on a laptop

People who work on laptops (Kurt “Cyberguy” Knutsson)

Malware reveals 3.9 billion passwords with huge cybersecurity threats

Impact on patients and industry

The data is only shared with Google and is not another party, so apart from clear privacy violations, the overall risk is relatively low. It’s very unlikely that anyone else will have access to it, so the chances of data being misused are slim. Google says it is entirely possible that data will not even be used for advertising, as it cannot be provided based on sensitive information such as health.

The Blue Shield case follows a similar violation string. Companies such as Goodrx, Betterhelp, and Kaiser all face regulatory and legal consequences to share derivative user data with advertising vendors. Some people have settled down millions of dollars. Despite the risks, many healthcare organizations continue to use these tools due to a lack of clear regulatory guardrails. This is further complicated by a federal court ruling that blocked the Biden administration’s attempt to curb the use of online trackers in healthcare settings.

What is Artificial Intelligence (AI)?

Enter on your laptop

People who work on laptops (Kurt “Cyberguy” Knutsson)

How to delete private data from the Internet

How to protect your health data online

California’s Blue Shield reminds us that even well-known healthcare providers can mishandle sensitive data. You can’t always control what happens behind the scenes, but there teeth Steps you can take to reduce exposure and protect your privacy:

1. Limit what you share in the Health Portal. Please do not enter more personal information than you absolutely need on your insurance or provider’s website. Tools like “Find a Doctor” may record search terms and keep inputs vague when possible.

2. Use a privacy-centric browser: Browsers such as Brave and Firefox Provides built-in privacy protection, including blocking third-party trackers that may expose health-related browsing activities.

3. Turn off ad personalization: visit Google Ads Settings Disable AD Personalization. This does not stop tracking, but can reduce the way data is used for targeting.

4. Opt out of tracking if possible: Many healthcare sites use cookies and tracking tools. Select “Reject All” or the strictest privacy settings in the cookie banner. Use tracking opt-out tools if available.

5. Read the Privacy Policy (Yes, really): Find languages ​​like “third-party sharing”, “advertising”, “analysis”. If your healthcare provider mentions tools like Google Analytics or Meta Pixel, it’s a clue to proceed with caution.

6. Monitor your account and credits. Beware of unusual insurance claims or medical costs. Set up credit alerts or monitoring services, especially if your provider provides them after a violation.

7. Ask: Call or email your healthcare provider or insurance company. Ask which tracking tools to use and how to protect your data. The more transparent a consumer is, the more pressure there is to improve standards.

Click here to get your Fox business on the go

Bonus Privacy Step (for peace of mind)

If you want to go beyond the basics, here are some additional steps to help you reduce your digital footprint and catch up on misuse early.

Please use the Personal Data Deletion Service. Although there is no service that guarantees the complete deletion of data from the Internet, data deletion services are truly a wise choice. They aren’t cheap – and your privacy isn’t either. These services do all of their work by proactively monitoring and systematically erasing personal information from hundreds of websites. It has given me peace of mind and has proven to be the most effective way to erase personal data from the internet. By limiting the available information, you reduce the risk that scammers cross-referencing your data from violations, providing information they may find on the dark web, making it difficult for them to target you. Please see the top picks for data deletion services.

Consider identity theft protection services. If you are concerned about fraud or medical identity theft, you should consider using identity theft protection services. Personal information theft companies can monitor personal information such as social security numbers, phone numbers, and email addresses and alert you if it is being sold on the dark web or used to open an account. They can also help freeze bank and credit card accounts to prevent further fraudulent use by criminals.

Use powerful antivirus software: Use powerful antivirus software to prevent malware or phishing attacks that can compromise access to your online health account. The best way to protect yourself from malicious links to install malware is to install antivirus software on all devices, as it may access your personal information. This protection can also warn you that it will phish email and ransomware fraud and keep your personal information and digital assets safe. Get the best 2025 Antivirus Protection Winners picks for Windows, Mac, Android and iOS devices.

Important points of cart

It confuses how careless most companies are when it comes to protecting user data. Blue Shield “incorrectly” shared data with Google and used it to display personalized ads. It took me three years to make this happen. Most cyber incidents involve attackers, but this violation was not necessary. Accountability of data practices is required, especially when human error or technical surveillance can cause major damage.

Click here to get the Fox News app

How comfortable do you know that your health data may be used to target advertising? Write us and let us know cyberguy.com/contact

For more information about my tech tips and security alerts, sign up for our free Cyberguy Report Newsletter cyberguy.com/newsletter

Ask us a question in our cart or let us know what you want us to cover

Follow your cart on his social channels

Answers to the most asked Cyber ​​Guy questions:

New from Cart:

Copyright 2025 cyberguy.com. Unauthorized reproduction is prohibited.

Kurt “Cyberguy” Knutsson is an award-winning tech journalist who loves technology, gear and gadgets that will make your life better with his Fox News & Fox Business contributions in the morning of “Fox & Friends.” Do you have any technical questions? Get our free Cyber ​​Guy Newsletter in Cart and share your voice, story ideas, or comments cyberguy.com.

Share.
info

TOPPIKR is a global news website that covers everything from current events, politics, entertainment, culture, tech, science, and healthcare.

Related Posts

Leave A Reply

Toppikr
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.