Blue Shield of California has reported a significant data breach, exposing the protected health information of 4.7 million members.
The breach occurred between April 2021 and January 2024, when a misconfiguration of Google Analytics on certain Blue Shield websites caused sensitive data to be shared with Google’s advertising platforms.
The exposed data includes details such as insurance plan names, medical claim service dates, provider names, and online account identifiers. Fortunately, sensitive personal information like Social Security numbers, banking details, and credit card information were not affected. However, the breach may have allowed Google to use this data for targeted ad campaigns directed at affected members.
The health insurance provider did not offer identity theft protection services following the breach and has not clarified whether individual notifications will be sent to the impacted members. This incident marks Blue Shield’s second major IT breach in under a year, following a ransomware attack last year that compromised the data of nearly one million members.
Blue Shield urges members to monitor their accounts for suspicious activity but has not yet confirmed if further actions will be taken.
