Meta Pixel ad tracker collects another 3 million data breaches at Advocate Aurora Health; Zuckerberg getting Senate scrutiny

October 21, 2022 | by

The Pixel ad tracker continues to be a Big Problem for Meta and Facebook. Advocate Aurora Health, a large health system in Illinois and Wisconsin, this week informed 3 million patients of a potential data breach connected to the use of Meta Pixel. The Meta Pixel snippets of JavaScript code were used within their Epic MyChart and LiveWell websites and applications, as well as on some of their schedulers.

As we have previously noted (below), ad trackers like the Meta Pixel are used to target website visitors and also to track ads placed on Facebook and Instagram. Developers routinely permit these snippets of code as trackers for better performance and website tracking, but the problem here is that sensitive patient information (PHI) is being sent back to Facebook where it violates patient privacy and can be misused.

Advocate Aurora cited that Meta Pixel may have collected “IP address; dates, times, and/or locations of scheduled appointments; your proximity to an Advocate Aurora Health location; information about your provider; type of appointment or procedure; communications between you and others through MyChart, which may have included your first and last name and your medical record number; information about whether you had insurance; and, if you had a proxy MyChart account, your first name and the first name of your proxy.” It did not collect social security number, financial accounts, credit cards, or debit card information. At this point, there is no reported misuse of information. Bleeping ComputerHealthcareITNews

That this is at all problematic is being vigorously denied by Facebook. But in an unusual move, Senator John Warner (D-VA) sent a letter yesterday to Meta CEO Mark Zuckerberg, containing seven fairly rigorous questions based on The Markup’s articles to be answered by 3 November. This follows on Sen. Jon Ossoff’s request via the Senate Homeland Security Committee (below)  (Editor’s opinion: to be written by Meta’s lawyers, and don’t hold your breath for any rending of garments or mea culpas.) HealthcareITNews, The Markup

Our previous articles on The Markup‘s research and Meta Pixel:

Breaking: Hospitals sending sensitive patient information to Facebook through website ‘Meta Pixel’ ad tracker–study

Facebook Meta Pixel update: Nemours Children’s Health using 25 ad trackers on appointment scheduling site

Let the lawsuits begin: Meta sued by health system patient for Meta Pixel info gathering

Novant Health notification 

Meta facing some Senate scrutiny on Meta Pixel’s health data collection–and how it’s used