Personal Health Data May Have Been Used By Google For Ads: This Is What Happened

Blue Shield of California, personal health data belonging to its members were accidentally shared with Google. (photo: x @TheCyberSetinghub ·)

JAKARTA Cases of sensitive data leaks have resurfaced. This time, it was Blue Shield of California's turn to confirm that its members' personal health data was accidentally shared with Google. It is even most likely used for advertisements targeted through Google Ads.

According to the company's official statement, the data was leaked due to a Google Analytics configuration error used to track user activity on the Blue Shield website. Unfortunately, this error lasted for almost three years: from April 2021 to January 2024.

As a result, a large amount of personal and medical data including:

- The name of the patient and gender

- City and postal code

- Names and types of insurance

- The date of medical claim as well as the name of the service provider

- The number of patients' financial dependents

- Search criteria "Find a Doctor"

- all go to the Google ad system without the user's knowledge.

What Data Hasn't Been Leaked?

Fortunately, Blue Shield confirmed data such as Social Security numbers, SIM numbers, as well as banking information and credit cards were not included in the leaked data.

However, the leaked data has high sensitive value and has the potential to be misused for psychological manipulation through specific targeted advertisements, without realizing the data owner.

What Should Blue Shield Users Do?

If you are a Blue Shield of California user, here are the suggested steps:

- Check your account's activity regularly.

- If you suspect data misuse, immediately report it to the Federal Trade Commission (FTC) at 1-877-438-4338.

- Use the official assistance link from Blue Shield to report or protect yourself from potential identity theft.

- Use incognito mode or blocker when accessing online health portals to prevent similar tracking.

Blue Shield has yet to state who is really responsible for this incident, and the investigation is still ongoing. But this is a strong warning to companies that use digital analytic tools, especially in industries that handle sensitive data.

This incident also sparked a debate about the need for stricter regulations related to digital privacy and protection of health data in the AI era and big data.