Blue Shield presented 4.7 million health data from Google
Possibly, medical care institutions and insurers collect the most confidential information about you, including IDs, contact data, addresses and medical records. But they often do not put the same level of effort to protect that data.
That is clear about the growing number of medical care data violations that we have seen recently. In most cases, a bad actor was involved.
But in the last news, the Giant of Health Insurance Blue Shield of California confirmed that he had been sharing private health data of 4.7 million users with Google for three years without even realizing.
Stay protected and informed! Get security alerts and expert technology advice: register in the Kurt Cyberguy report now
A person who does a search on Google (Kurt “Cyberguy” Knutsson))
What you need to know
Blue Shield of California has just admitted an important data privacy slip that occurred for almost three years, from April 2021 to January 2024. He was using Google Analytics to track how people used their member websites. This is totally normal since each business does. But the tool was accidentally sharing confidential information with Google’s ads because it was not configured correctly.
What I find extremely shocking is that the company took three years to realize that I was sharing its user data with Google to run ads. This says a lot about how much do these health giants care about protecting their data.
Shared data included a wide range of protected health information (PHI), including names, postal codes, gender, medical claims dates, online account numbers, insurance plans names, group numbers, family data and even search criteria used in its characteristic of “finding a doctor.”
“Google may have used these data to carry out advertising campaigns focused on these individual members. We want to assure our members that there was no bad actor involved and, as far as we know, Google has not used the information for any purpose other than these ads or shared the information protected with anyone”, the company, “the company. He said on a warning on his website.
This incident is not isolated. In recent years, medical care and technology companies have been subject to similar false steps. The Federal Commerce Commission (FTC) and the Department of Health and Human Services (HHS) have already issued warnings about the use of monitoring technologies in medical care, especially those that could expose the data from patients to third parties without appropriate transparency or safeguards.
A Google spokesman provided the following comment to Cyberguy when asked about the violation of Blue Shield data:
“Companies, not on Google, manage the data that collect and should inform users about their collection and use. By default, any data sent to Google Analytics for measurement does not identify people, and we have strict policies against the collection of private health information (PHI) or advertising based on confidential information.”
A person working on his laptop (Kurt “Cyberguy” Knutsson)
Malware exposes 3.9 billion passwords in a great threat of cybersecurity
Impact on patients and industry
Since the data were only shared with Google and not any other part, the general risk is relatively low, apart from the clear violation of privacy. It is very unlikely that someone else has access to him, so the possibilities that the data is used badly are scarce. Google says that it does not allow ads to be served based on confidential information such as health, so there is a good possibility that their data is not even used for advertising.
The Blue Shield case follows a chain of similar infractions. Companies such as Goodrx, Betterhelp and Kaiser have faced regulatory and legal consequences to share confidential users data with advertising suppliers. Some even made up of millions of dollars. Despite the risks, many medical care organizations have continued using these tools due to the lack of clear regulatory railings, a situation even more for a ruling of the Federal Court that blocked the Biden administration attempts to stop the use of online trackers in medical care environments.
What is artificial intelligence (AI)?
A person working on a laptop (Kurt “Cyberguy” Knutsson)
How to delete your private Internet data
How to protect your online health data
The Blue Shield of California incident is a reminder that even well -known medical care providers can make mishandling of confidential data. While you can’t always control what happens behind the scene, there are Steps you can take to reduce your exposure and protect your privacy:
1. Limit what you share in health portals: Avoid entering more personal details of what is absolutely necessary on insurance or suppliers websites. Tools such as “Finding a doctor” can record your search terms, so keep vague tickets when possible.
2. Use privacy -centered browsers: Browsers like Brave or FireNews Offer incorporated privacy protections, such as blocking third -party trackers that could expose health -related navigation activity.
3. Turn off the customization of the ad: Visit Google Ads Configuration and disable advertisement customization. This will not stop tracking, but can reduce the way in which your guidance data is used.
4. He chooses not to follow the monitoring whenever possible: Many medical care sites use cookies and monitoring tools. Choose “reject everything” or the strictest privacy settings in cookbaches. If there is an available monitoring exclusion tool, use it.
5. Read privacy policies (yes, really): Look for a language like “Share Third Parties”, “Advertising” or “Analysis”. If a medical care provider mentions tools such as Google Analytics or Meta Pixel, that is a signal to proceed with caution.
6. Monitor your accounts and credit: Be attentive to unusual insurance claims or medical charges. Configure credit alerts or monitoring services if your supplier offers them, especially after a violation.
7. Ask questions: Call or send an email to your medical care supplier or insurer. Ask what follow -up tools they use and how they protect your data. The more consumers drive transparency, the more pressure there is to improve the standards.
Get the News business on the fly by clicking here
Bonus privacy steps (for additional tranquility)
If you want to go beyond the basics, here there are some additional steps that can help reduce your fingerprint and contract early misuse:
Use a personal data disposal service: While no service can guarantee the complete elimination of your Internet data, a data removal service is really an intelligent option. They are not cheap, and it is not your privacy either. These services do all the work by you by actively monitoring and systematically erasing your personal information from hundreds of websites. It is what gives me peace of mind and has proven to be the most effective way to erase your personal internet data. By limiting the available information, it reduces the risk of cross -references data of infractions with information they can find in the dark network, which makes it difficult to be pointed out. See my best selections to obtain data disposal services here.
Consider identity theft protection services: If you are concerned about fraud or medical identity theft, you will want to consider the use of identity theft protection services. Identity theft companies can monitor personal information such as their social security number, telephone number and email address and alert it if it is sold on the dark website or used to open an account. They can also help you freeze your bank and credit card accounts to avoid greater unauthorized use by criminals.
Use strong antivirus software: To protect against malware or phishing attacks that could compromise access to their online health accounts, be sure to use solid antivirus software. The best way to safeguard the malicious links that install malware, which potentially access their private information, is to have an antivirus software installed on all its devices. This protection can also alert it to the PHISHING Electronic Correos and Ransomware scams, maintaining their personal information and their safe digital assets. Get my elections for the best antivirus protection winners 2025 for your Windows, Mac, Android and iOS devices.
Kurt key takeway
I be confronted how careless are most companies when it comes to protecting user data. Blue Shield “erroneously” shared their data with Google, which then used them to show personalized ads. The company took three years to realize this. While most cyber incidents involve an attacker, this violation did not need one. We need responsibility in data practices, especially when human error or technological supervision can cause scale damage.
Click here to get the News application
How comfortable is you knowing that your health data can be used to direct ads? Get us knowing in Cyberguy.com/contact
To obtain more technological tips and safety alerts, subscribe to my free Cyberguy Report newsletter when you head Cyberguy.com/newsletter
Ask Kurt a question or let us know what stories we would like to cover
Follow Kurt in his social channels
- YouTube
Answers to Cyberguys most facts:
- What is the best way to protect your MAC devices, Windows, iPhone and Android to be pirate?
- What is the best way to stay private, safe and anonymous while navigating the web?
- How can I get rid of robocalls with data elimination applications and services?
- How do I eliminate my private internet data?
New Kurt:
- Try the new Cyberguy games (crosswords, words searches, trivia and more!)
- Cyberguy exclusive coupons and offers
- The best gifts for mom 2025
Copyright 2025 Cyberguy.com. All rights reserved.
Kurt “Cyberguy” Knutsson is a award -winning technological journalist who has a deep love for technology, equipment and devices that improve life with their contributions for News & News Business Startzing Mornings in “News & Friends”. Do you have a technological question? Get the free Kurt’s free newsletter, share your voice, an idea of the story or comment on Cyberguy.com.