The U.S. healthcare provider Novant Health has confirmed a data breach in which information from 1,362,296 people leaked.
The incident was caused by a misconfigured Meta pixel on the Novant Health website and the ‘MyChart’ portal, which transmitted privacy information to Meta and its advertising partners.
The incident began in May 2020, when Novant ran advertising campaigns for COVID-19 vaccinations that included Facebook ads.
Information disclosed during the breach include email address, phone number, IP address, emergency contact data, appointment type and date, selected physician, portal menu selections, and any content entered in the “free text” boxes.
“Immediately upon becoming aware that the pixel had the capability to transmit unintended information to Meta, Novant Health disabled and removed the pixel as a precaution and began an investigation to learn whether and to what extent information was transmitted. We reached out to Meta Facebook several times and through different channels, but never got a response,” Novant Health stated in an advisory.
The sources for this piece include an article in BleepingComputer.