- A breach affected nearly 5 million Blue Shield of California Healthcare customers
- It was caused by a misconfiguration of Google Analytics
- Sensitive health information and patient data have been exposed
The health insurance company Blue Shield has revealed that a data breach has exposed protected health data of more than 4.7 million members.
The information was disclosed to Google's analytics and advertising platforms after a misconfiguration of Google Analytics on the Blue Shield sites.
“On February 11, 2025, Blue Shield discovered that, between April 2021 and January 2024, Google Analytics was configured in a way that made it possible to share certain member data with Google, Google Ads, which probably included protected health information,” wrote the company.
No bad actors
Blue Shield insists that social security numbers, credit card information and driver's license numbers were not part of the disclosure, but the compromised information includes the insurance plan name, type and group number; postal code, sex and family size; the date of medical claims and the service provider; and the patient name and patient financial responsibility.
Once the connection between Google Analytics and Google Ads on the website was severed in January 2024, Blue Shield says that there is “no reason to believe that members of the members” have been shared.
After discovering the problem, Blue Shield said that it immediately reviewed its websites and security protocols, and put safeguards in place to protect itself from similar attacks in the future.
“Google may have used this data to carry out targeted advertising campaigns for you. We want to reassure you that no bad actor has been involved and, to our knowledge, Google has used your information for other purposes than this announcements or shared your protected information with anyone,” the notice states.
Anyone who thinks they may be affected should be extra vigilant, changing passwords and closely monitoring all accounts.
In particular, be on the lookout for any unexpected emails that claim to come from a medical or health-related address, and never click on anything you don't trust 100%.
We have written advice on how a data breach could affect you and what your next steps should be.