Novant Health data breach exposes protected patient information

(Photo credit: Bruce VanLoon/Shutterstock)

Overview of the Novant Health data breach:

  • Who: Novant Health has warned its patients of a potential data breach.
  • Why: The network says patients’ private health information may have been inappropriately passed to Facebook’s parent company, Meta, through a Facebook-linked tracking tool.
  • Where: The Novant Health breach occurred nationwide in the United States.

Novant Health Inc. sent 1.3 million notification letters to patients warning them that their private health information may have been inappropriately passed on to Facebook parent company Meta via a Facebook-linked tracking tool.

On August 12, Novant Health, a nonprofit health network of medical clinics, outpatient centers and hospitals, said the tracking tool may have allowed certain private information to be transmitted to Meta.

Novant said the tracking involved the use of a Facebook-related pixel, which was “incorrectly configured”. The issue saw private information from the Novant Health website and MyChart portal sent to Meta.

Information disclosed could include patient demographic information, such as email address, phone number, computer IP address, emergency contacts, advanced care planning, type and appointment date and information entered in boxes, according to Novant.

Novant says the disclosure did not affect patients’ social security numbers or other financial information “unless typed in a free text box by the user.”

Some patients receiving the notification letter will be patients of independent physicians and facilities that use MyChart, the network says.

Novant Health data breach caused by new promotional campaign, company says

Novant Health says it launched a promotional campaign in 2020 to connect more patients to the Novant Health MyChart patient portal in an effort to improve access to care through virtual visits.

This campaign involved Facebook ads and a Meta tracking pixel placed on the Novant Health website to help understand the success of these Facebook advertising efforts.

However, the pixel was configured incorrectly and may have allowed certain private information to be transmitted to Meta from the Novant Health website and MyChart portal, Novant explains.

Immediately after becoming aware that the pixel had the ability to transmit unintended information to Meta, Novant Health disabled and removed the pixel as a precaution and began an investigation to find out if, and to what extent, information was transmitted, says he.

Letters from patients will specifically state whether financial information may have been involved, Novant says.

He says the letter is part of an outreach effort “to be as transparent as possible” about the disclosure.

In related news on data breaches, in July the Federal Bureau of Investigation, the Treasury Department and the Cybersecurity and Infrastructure Security Agency warned that North Korean groups were responsible for several data breaches. on health care, according to a joint alert.

Also in July, Professional Finance Company disclosed to the public that it had been the victim of a cyber security breach in February that exposed data from more than 650 healthcare providers.

If your information has been compromised as a result of a hospital data breach, you may be eligible for a healthcare data breach class action lawsuit.

Learn more about class actions and class action settlements:

We tell you about the money you can claim EVERY WEEK! Subscribe to our free newsletter.

Please note: Top Class Actions is not a settlement administrator or law firm. Top Class Actions is a source of legal information that reports on class action lawsuits, class action settlements, drug-related injury lawsuits, and product liability lawsuits. Top Class Actions does not handle claims and we cannot advise you on the status of a class action settlement claim. You should contact the Settlement Administrator or your attorney for any updates regarding the status of your claim, the Claim Form, or questions about when payments should be mailed.

Similar Items


Comments are closed.