The tech giant may have used the data for targeted advertising, according to Blue Shield, one of the largest health insurers in the United States.
The data breach was caused by a misconfiguration of Google Analytics, which resulted in the sharing of policyholder data with Google Ads, Google’s advertising platform. This likely included protected health information. “Google may have used this data to display targeted ad campaigns to individual members,” the company stated. The data was transmitted between April 2021 and January 2024.
The leaked information includes details about purchased health insurance plans, zip code and city, gender, family size, account IDs, names of insured individuals, and search queries related to finding a doctor. After discovering the breach, Blue Shield said it reviewed all its websites to ensure that no other tracking technologies were sharing protected health information with third parties.