Monday, May 5, 2025

Blue Shield Exposed Health Data of 4.7 Million via Google Ads


Blue Shield of California has disclosed a significant data privacy incident affecting up to 4.7 million members, after discovering that protected health information (PHI) may have been inadvertently shared with Google Ads over nearly three years.

The healthcare provider is now alerting potentially impacted members and implementing new safeguards to prevent future breaches.

The breach centers on the use of Google Analytics—a common website tracking tool—on certain Blue Shield web portals.


On February 11, 2025, Blue Shield determined that, between April 2021 and January 2024, Google Analytics was configured in a way that allowed member data to be transmitted to Google’s advertising platform, Google Ads.

Although the analytics tracking was intended to improve online services, this configuration error meant that sensitive data could have been used by Google to target advertisements to members.

Blue Shield emphasizes that there is no evidence of the involvement of a malicious actor.

According to its investigation, Google did not employ the collected health data for purposes beyond personalized advertising, nor did it share the information with unaffiliated third parties.

“Protecting our members’ privacy is our top priority,” a Blue Shield spokesperson said. “We regret any distress this may cause and are committed to addressing the issue transparently.”

Leaked Information

Potentially exposed data includes insurance plan details, member location, gender, family size, online account identifiers, medical claim details (such as service date and provider), “Find a Doctor” search criteria, and patient financial responsibility.

Crucially, no Social Security numbers, driver’s license details, or banking/credit card information were involved in the breach.

Blue Shield severed the Google Analytics and Google Ads connection in January 2024 and has since reviewed its tools to ensure no further impermissible data sharing occurs.

In response, Blue Shield has begun notifying all members who may have been affected and has reinforced its website security protocols.

The company urges members to remain vigilant by regularly reviewing account statements and credit reports.

The incident highlights ongoing challenges at the intersection of healthcare, technology, and privacy. Blue Shield has committed to continued transparency and strengthened safeguards as it works to rebuild member trust.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
