WakeMed has added itself to the long list of U.S. hospitals that have exposed their patients’ medical data to a massive network of third parties, such as marketers and advertisers, by failing to properly configure the Meta Pixel tracker.
WakeMed is a 919-bed healthcare system that operates multiple facilities in North Carolina and an online patient portal called MyChart, which lets patients book doctor appointments, communicate with physicians, request medicinal prescriptions, etc.
As the medical institute disclosed earlier in the month, MyChart had a tracker from Meta (Facebook) named Pixel running even on pages beyond login screens, where patients entered sensitive personal and medical information.
Because these trackers can collect all data that website visitors enter in forms, some of the sensitive data entered by patients on the MyChart portal may have been sent outside WakeMed’s systems.
Depending on the user’s activity, the following data types might have been exposed:
email address, phone number, and other contact information; computer IP address; emergency contact information; information provided during online check-ins, such as allergy or medication information; COVID vaccine status; appointment type and date and physician selected.
The period of exposure was determined between March 2018 and May 2022, when the healthcare system disabled Meta’s trackers on all its pages to prevent further unintentional data leaks.
According to the organization’s submission of the data breach details to the authorities, the number of confirmed impacted individuals is 495,808.
WakeMed says Social Security numbers or any form of financial information have not been exposed as a result of