
Novant Confirms Healthcare Data Leak of 1.3 million Patients to Facebook

Novant Health sent letters to its patients notifying them that their details had been transmitted to Facebook. Services related to Pixel, the tracking code, were cancelled by Novant Health.

Published August 25, 2022

Patient health information from healthcare provider Novant Health’s website was sent to Facebook due to a faulty configuration of the Pixel tracking code. Sensitive information such as the patient’s email address, phone number, emergency contacts, advanced care planning, appointment type, appointment date, selected physician, and IP address was transmitted to Facebook.

Novant Health informs affected individuals 

Novant Health apologized to its patients and has mailed letters to the affected individuals. The transmission happened because of a faulty configuration of Pixel, which was used on the Novant Health website. Facebook’s Pixel was added to Novant’s website to track users’ activities related to Novant Health searches on Facebook.

The Pixel campaign, which was run to connect patients during the pandemic, included 64 healthcare service providers. The leak means that the details of over 1,362,296 individuals are at stake. Any details entered in the form by patients or others are vulnerable to abuse if accessed by a third party. Beyond the details on the form, any other information entered in the free-text box may also have been sent to Facebook.

Novant Health removes Pixel 

Novant Health learned about the data breach in May this year and took the necessary actions to stop the flow of information to Facebook in late May 2022. The healthcare provider maintained on its website that as soon as it learned about the data breach, it disabled and removed the Pixel. It also investigated to understand the extent of the breach.

Novant Health maintained that Facebook did not respond to the multiple communication attempts made by the company related to the exposed data.

Why did Novant Health and MyChart use Pixel?

The Novant Health MyChart patient portal was an initiative launched during the onslaught of the COVID-19 pandemic. Since reaching doctors in person became difficult during those times, Novant Health collaborated with MyChart to start a campaign to help users get a virtual appointment with a doctor. To do this, advertisements were placed on Facebook, as more people have access to the social networking website.

The results of the interactions people had on Facebook while looking for a doctor’s appointment at Novant Health were captured by the Pixel code. The data was expected to reach Novant Health. However, it also reached Facebook because of the faulty configuration in Pixel. The reverse flow of sensitive patient information from Novant Health and the MyChart portal to Facebook led to the breach of PHI.
