Posted on 04/27/2025 3:04:02 PM PDT by CFW
Health insurance giant Blue Shield of California is notifying millions of people of a data breach. The company confirmed on Wednesday that it had been sharing patients’ private health information with tech and advertising giant Google since 2021.
The insurer said that the data sharing stopped in January 2024, but it only learned this February that the years-long collection contained patients’ personal and sensitive health information.
Blue Shield said it used Google Analytics to track how its customers used its websites, but a misconfiguration had allowed for personal and health information to be collected as well, such as the search terms that patients used on its website to find healthcare providers.
The insurance giant said Google “may have used this data to conduct focused ad campaigns back to those individual members.”
Blue Shield said the collected data also included insurance plan names, types, and group numbers, along with personal information such as patients’ city, zip code, gender, and family size. Details of Blue Shield-assigned member account numbers, claim service dates and service providers, patient names, and patients’ financial responsibility were also shared.
(Excerpt) Read more at techcrunch.com ...
So Blue Shield of California spent almost three years accidentally handing over sensitive health info - names, medical claims, family data, and even doctor searches - to Google without telling anyone.
They were trying to track website clicks, but thanks to sloppy settings, Google Ads got a backstage pass to patient privacy from April 2021 to January 2024.
This is what happens when your tech team are all DEI hires.
And, of course, Google never came back to Blue Shield and said, "Hey, you might be giving us too much information, here."
Would they like to pull my other leg? I tied bells on it to give a festive touch.
I'm not convinced of that part.
Why this is a surprise to anybody is what’s amazing.
Aren’t Hippa violations prosecutable crimes?
Get your online health password, we will protect your health data, of course.
A rookie coder could strip away identifying data at the origin, and only send forward anonymous data that only Blue Shield could re-attach to the patients.
On the Blue Shield side, even a rookie coder could identify what was passing to them and tell them strip the patient data.
Or Indian.
It’s just “confusion”
When that word is used as an excuse, you should see how I nuke people.
Incompetence, greed, failure, fraud, stupidity is not…. Confusion or a coincidence.
Just send me my million dollars and all will be forgiven.
The personal information should have been stripped out from the dataset and replaced with anonymous unique identifiers that could be later synced back up to the patient information after getting run through Google Analytics.
It should be one of the very first steps in the process.
But DOGE is the problem.
“So Blue Shield of California spent almost three years accidentally handing over sensitive health info...”
Doesn’t sound like much of a ‘shield’.
Anyway, will Blue Shield now re-imburse people for the money they received from Google for this sensitive information?
I kind of doubt it.
Don’t think for one second that Google didn’t know they were collecting illegal information… not for one single second
It’s just a whoopsie do do! Accidents happen. Someone was preoccupied and hit the wrong key, sending the data of millions to Googleland. Then they simply forgot about it and went to lunch. This sounds perfectly reasonable and legitimate.
3 year data stream and they didn't know what information the data contained? LOL....Who was getting paid?
Blue Shield of California sold........................?
Sounds more like it most use the hack issue for it
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.