Google Ads may have accessed some protected health information of Blue Shield of California members, the company disclosed April 9.
According to the notice, Blue Shield learned Google Analytics was configured on its websites in a way that allowed certain member data to be shared with Google Ads. This information likely included protected health information, the company said, and Google may have used this data to conduct focused ad campaigns to individual members.
“We want to reassure our members that no bad actor was involved, and, to our knowledge, Google has not used the information for any purpose other than these ads or shared the protected information with anyone,” Blue Shield said in the notice.
Because of the “complexity and scope” of the breach, the company cannot confirm which members’ information was affected, according to the notice. Information shared with Google included medical claim dates and providers and patients’ searches in Blue Shield’s “Find a Doctor” tool. Social security numbers, credit card numbers and other personal information were not involved.
“We understand receiving a notice such as this can create concern, and we regret that member personal information may have been shared without authorization. Blue Shield takes the security of member information very seriously, and we are committed to maintaining their privacy,” the company said in its statement.
