<
https://www.bleepingcomputer.com/news/security/blue-shield-of-california-leaked-health-data-of-47-million-members-to-google/>
Blue Shield of California disclosed it suffered a data breach after
exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms.
The nonprofit health plan, which serves nearly 6 million members across California, published a data breach notification on its website stating
that member data was exposed between April 2021 and January 2024.
Today, the United States Department of Health and Human Services breach
portal was updated to state that the leak exposed 4.7 million members' protected health data.
Number
Source: ocrportal.hhs.gov
According to the notice, the exposure was caused by a misconfiguration
of Google Analytics on certain Blue Shield sites. This resulted in the sensitive data potentially being shared with Google advertising
platforms and advertisers.
"On February 11, 2025, Blue Shield discovered that, between April 2021
and January 2024, Google Analytics was configured in a way that allowed
certain member data to be shared with Google's advertising product,
Google Ads, that likely included protected health information," reads
the notice.
"Google may have used this data to conduct focused ad campaigns back to
those individual members."
The data types exposed as a result of the misconfiguration include:
Insurance plan name
Type and group number
City and zip code
Gender
Family size
Blue Shield assigned identifiers for members' online accounts
medical claim service date and service provider, patient name, and
patient financial responsibility
"Find a Doctor" search criteria and results (location, plan name and
type, provider name and type)
Blue Shield noted that other personal information, such as Social
Security numbers, driver's license numbers, banking, and credit card information, were not exposed as a result of this incident.
Still, it is recommended that members stay vigilant and closely monitor
their account statements and credit reports to identify
unauthorized/suspicious activity.
The organization has not offered identity theft protection services, and
it's unclear whether individual notices will be sent to impacted members
in the future.
This is the second large-scale IT incident disclosed by Blue Shield of California in under a year.
Last year, nearly one million health plan members had their data stolen
by BlackSuit ransomware actors who breached the organization's software solutions provider, Connexure (formerly Young Consulting).
--
God be with you,
CrudeSausage
LibreOffice supporter
John 14:6
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)