-UCHealth and UCLA Health are the latest entities to report recent health data breaches, both involving third-party vendors.
UCHealth suffers third-party data breach
UCHealth of Aurora, Colorado reported to HHS a third-party data breach that affected 48,879 people.according to it news UCHealth was recently notified by software company Diligent that patient, provider, and employee data may have been involved in a security incident.
“Diligent provides hosted services to UCHealth and has informed UCHealth that Diligent’s software has been accessed and attachments containing UCHealth files have been downloaded,” the notice reads.
“Importantly, none of UCHealth’s systems, including email and electronic medical records, were affected by this incident.”
Information that cybercriminals may have downloaded may include names, addresses, information related to medical treatment, dates of birth, and in some cases social security numbers and financial information.
UCHealth said it had “no reason to believe that the data obtained from Diligent’s systems was anything other than cybercriminals or was misused in any way,” but it did ask affected individuals to monitor suspicious activity. urged.
UCLA Health Breach Impact 94K
UCLA Health notification 94,000 of recent medical data breaches attributed to the use of analytics tools such as tracking pixels. As previously reported, Many hospitals face backlash Against the use of tracking tools created by companies such as Meta and Google. Meta itself has faced multiple lawsuits over its use of tracking pixels on hospital websites.
UCLA Health doesn’t specifically mention Meta, but when you use the analytics tools on the reservation request form you complete on the website or mobile app, “certain limited information is captured and shared with third-party service providers. It points out that it may have been sent.
The healthcare system began using analytics tools on its public website and mobile apps in April 2020 with the goal of understanding how the community interacted with them.
“Analytic tools allow organizations to see website and app activity together to develop more effective and efficient communications,” the organization said.
“In June 2022, UCLA Health disabled these analytics tools when it learned of concerns about providers’ use of these analytics tools.”
Booking request forms, including analytics tools, may capture information about hashed form fields, including third party cookies, provider name and expertise, name, email address, phone number, mailing address and gender .
“It is important to note that these analytics tools do not capture social security numbers, financial account numbers, or debit/credit card information,” the notice continues.
Additionally, the affected booking request form was only present on the UCLA Health website and UCLA Health mobile app. UCLA Health did not place these analytical tools within its online patient portal, myUCLAhealth. “