INDIANAPOLIS — Community Health Network patients may find themselves getting targeted ads from Facebook and Google that mention their medical conditions after the health network discovered that a data breach may have led to certain patient information being transmitted to web tracking technology vendors.
Community Health Network stated there is no indication that sensitive information such as social security numbers, financial account numbers or debit card information was collected and transmitted as part of the breach. Information that could have been transmitted, however, includes computer IP addresses; dates, times, or locations of scheduled appointments; health care provider information; type of appointment or procedure scheduled; communications that occurred through MyChart which could include first and last name and medical record numbers; information about insurance coverage and the names on MyChart accounts.
An investigation conducted by Community confirmed that third-party tracking technologies were installed on Community’s website, including their MyChart patient portal and some of their appointment scheduling sites which allowed for information to be collected and transmitted to tracking vendors, such as Facebook (Meta) and Google.
Community stated they have since taken steps to mitigate the impact of the incident including disabling and/or removing all third-party tracking technologies on patient-facing websites and applications.
“Community regrets that this data breach occurred and is committed to safeguarding individuals’ information,” the health network said in a statement.
Letters have been mailed to individuals potentially impacted by the data breach which include recommendations on steps that can be taken for individuals to protect themselves from website tracking.
Community Health Network said they are also reporting the incident to the U.S. Department of Health and Human Services Offices for Civil Rights which is the federal agency that oversees the privacy and security of patient protected health information.
Some recommendations for patients to protect their data can be found on Community’s website, or individuals can call (866) 361-5593 between 9 a.m. and 7 p.m.