- A breach has affected nearly 5 million Blue Shield of California health customers
- This was due to a misconfiguration of Google Analytics
- Sensitive health information and patient data were exposed
The health insurance company Blue Shield has revealed that a data breach has exposed the protected health data of over 4.7 million members.
The information was leaked to Google’s analytics and advertising platforms following a misconfiguration of Google Analytics on Blue Shield sites.
“On February 11, 2025, Blue Shield discovered that Google Analytics between April 2021 and January 2024 was configured in a way that made it possible to share certain membership data with Google’s advertising product, Google Ads, which probably included protected health information,” the company wrote.
No bad actors
Blue Shield insists that Social Security numbers, credit card information and driver’s license numbers were not part of the disclosure, but that insurance plan name, type and group number; postal code; gender; family size; medical claim service date and service provider; patient name; and the patient’s financial responsibility are all among the compromised information.
Since the connection between Google Analytics and Google Ads on the site was cut in January 2024, Blue Shield says there is no reason to believe any member data has been shared.
After the issue was discovered, Blue Shield says it immediately reviewed its sites and security protocols and has taken measures to protect against similar attacks in the future.
“Google may have used this data to implement focused ad campaigns that are targeted back to you. We want to reassure you that no bad actor was involved and, to our knowledge, Google has not used your information for any purpose other than these ads or shared your protected information with anyone,” the message confirms.
Anyone who thinks they may be affected should be extra vigilant, change all passwords and closely monitor their accounts.
In particular, you should look out for any unexpected emails that claim to be from a medical or health-related address, and never click any links from anyone you don’t trust 100%.
We have written some guides on how a data breach can affect you and what your next steps should be here.