Healthcare site leaks personal health information via Google and Meta tracking pixels

Advocate Aurora Health has disclosed that by visiting its websites users may have shared personal information, and possibly protected health information (PHI), with Google and Meta (Facebook).

Advocate Aurora Health is the 11th largest not-for-profit, integrated health system in the US and provides care for about 3 million patients. The company used tracking technology provided by Google and Meta to understand how patients and others interact with its websites.

The questions Advocate Aurora Health wanted to answer were no different from those of any other website owner: How do visitors use its website, what draws them there, and which pages do they visit? That is very useful information if you want to optimize your website, attract more visitors, and build something that actually fits users’ needs.

And their solution was no different either: They turned to Google and Meta, who provide website owners with this information through the use of tracking “pixels”. The code behind a tracking pixel can give a website owner useful information about their visitors, such as the type of device they are using, their approximate location (which can be worked out from a user’s IP address), and how they move from page to page across a website. It can also reveal if visitors are coming from paid ads on Google, Twitter, or Facebook, so companies can tell whether their marketing dollars are being spent productively.

How data can be leaked

What Advocate Aurora Health’s disclosure doesn’t reveal is how the information was shared, or whether or not Google and Meta were aware of it. We note that the language it uses is “disclosed” rather than “gathered”, suggesting over-sharing by the website rather than overreach by the trackers.

Although both Google and Meta have, rightly, earned reputations for rapacious data gathering, the details of how their pixels work, and what they do and don’t care about, are important where health information is concerned. It is possible that neither was aware of the nature of the data being shared, and that neither would want the legal or compliance headaches that come with handling it.

If that is the case, it wouldn’t be the first time. Just two months ago North Carolina-based Novant Health notified 1.3 million patients that using the Meta pixel code may have led to unauthorized disclosure of PHI.

In 2015, when the Affordable Care Act’s healthcare.gov website first launched, it was also found to be leaking data to third parties, and it provides a useful lesson in how it can happen.

Simplistically, web analytics and web ad tracking systems want to know the number of individual visitors to the different URLs on a website, and how those visitors got there. Each time a visitor lands on a page, a tracking pixel sends the URL (along with some extra information, such as the browser type, screen resolution, IP address, etc.) to Google, Meta, or whoever, so that they can add +1 to the count for that URL.

The healthcare.gov site used URL parameters to pass information from page to page as people moved through the site. The parameters included the user’s age, zip code, income, and whether or not they were a smoker or pregnant. Since the URLs contained that information, and the URLs were sent to third-party trackers to be counted, the third parties found themselves inadvertently receiving and storing privileged information.
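The leak path described above, and one way a site owner could close it, shown as an added example that is not code from healthcare.gov, Advocate Aurora Health, Google, or Meta. The collector host, the parameter names, the allowlist, and the sample URL are all constructed for illustration.

```javascript
// Added example: scrub a page URL before it is handed to a third-party tag.
// All names and URLs below are constructed; tracker.example is hypothetical.

// Only parameters known to be harmless may leave the site (assumed allowlist).
const ALLOWED_PARAMS = new Set(["utm_source", "utm_medium", "utm_campaign", "lang"]);

// Path segments of 6+ characters containing a digit are treated as record
// identifiers and masked (assumed heuristic, tune it to your own routes).
const ID_SEGMENT = /^(?=.*\d)[A-Za-z0-9_-]{6,}$/;

// Constructed URL carrying the kinds of values the article lists.
const SAMPLE_PAGE_URL =
  "https://health.example/appointments/MRN0012345/confirm" +
  "?age=42&zip=53201&smoker=yes&pregnant=no&income=38000&utm_source=newsletter#step2";

function scrubUrlForAnalytics(rawUrl) {
  const url = new URL(rawUrl);
  const dropped = [];

  // Allowlist, not blocklist: an unknown parameter is assumed to be sensitive.
  for (const name of [...new Set(url.searchParams.keys())]) {
    if (!ALLOWED_PARAMS.has(name.toLowerCase())) {
      url.searchParams.delete(name);
      dropped.push(name);
    }
  }

  // Mask identifier-like path segments (appointment or record numbers).
  url.pathname = url.pathname
    .split("/")
    .map((seg) => (ID_SEGMENT.test(seg) ? "REDACTED" : seg))
    .join("/");

  // Fragments can carry page state as well, so they are never forwarded.
  url.hash = "";

  return { url: url.toString(), dropped };
}

// What a pixel-style request looks like: the page URL travels as a parameter.
function buildBeacon(pageUrl) {
  const beacon = new URL("https://tracker.example/collect");
  beacon.searchParams.set("page", pageUrl);
  return beacon.toString();
}

const leaky = buildBeacon(SAMPLE_PAGE_URL); // contains smoker, income, record id
const scrubbed = buildBeacon(scrubUrlForAnalytics(SAMPLE_PAGE_URL).url);
console.log(leaky + "\n" + scrubbed);
```

The `dropped` list is worth logging on the site's own side, since a new name appearing there means a page has started putting data in its URLs that nobody has reviewed.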

Research done by The Markup in June of 2022 showed that Meta’s pixel could be found on the websites of 33 of the top 100 hospitals in America.

What was disclosed

For Advocate Aurora Health customers, the following information may have been involved:

  • IP address
  • The dates, times, and/or locations of scheduled appointments
  • Their proximity to an Advocate Aurora Health location
  • Information about their provider
  • The type of appointment or procedure
  • First name, last name, first name of a proxy, and medical record number
  • Information about whether they had insurance

According to Advocate Aurora Health, no social security number, financial account, credit card, or debit card information was involved in this incident.

Stop tracking me

Advocate Aurora Health disabled and/or removed tracking pixels on patient websites and applications. Luckily, not every website has to worry about that type of private information. Full disclosure, even this site uses tracking technology, but we do understand that you wish website owners didn’t.

There are several things you can do to stop this kind of tracking or limit the consequences.

  • Use a browser that values your privacy. Unfortunately, there is little correlation between the browsers most people consider the best and the browsers that are best when it comes to privacy and security.
  • You can frustrate tracking by blocking and deleting cookies and making sure you log out of Facebook and Google before you visit other sites. However, this requires your full attention and in some of these cases you are relying on technology provided by Google and Facebook.
  • Anti-tracking software is your easy way out. We at Malwarebytes recommend Malwarebytes Browser Guard. You can keep on using Chrome, Firefox, Edge, or Safari and after the install you can set and forget about trackers. Our browser extension blocks tech support scams, hijackers, pop-up ads, trackers, and more to keep users secure and free from online harassment.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.