- A breach has affected nearly 5 million Blue Shield of California healthcare customers
- This was thanks to a misconfiguration of Google Analytics
- Sensitive health information and patient data was exposed
Health insurance firm Blue Shield has revealed a data breach has exposed protected health data of over 4.7 million members.
The information was leaked to Google’s analytics and advertisement platforms following a misconfiguration of Google analytics on Blue Shield sites.
“On February 11, 2025, Blue Shield discovered that, between April 2021 and January 2024, Google Analytics was configured in a way that allowed certain member data to be shared with Google’s advertising product, Google Ads, that likely included protected health information,” the company wrote.
No bad actors
Blue Shield insists that Social Security numbers, credit card information, or driving license numbers were not part of the disclosure, but that insurance plan name, type and group number; zip code, gender, family size, medical claim service date and service provider, patient name, and patient financial responsibility are all amongst the compromised information.
Once the connection was severed between Google Analytics and Google ads on the website in January 2024, Blue Shield says there is “no reason to believe that any member data” was shared.
After the issue was discovered, Blue Shield says it immediately reviewed websites and security protocols, and has taken safeguards to protect against similar attacks in future.
“Google may have used this data to conduct focused ad campaigns targeted back to you. We want to reassure you no bad actor was involved, and, to our knowledge, Google has not used your information for any purpose other than these ads or shared your protected information with anyone," the notice confirms.
Anyone who thinks they may be affected should be ultra vigilant, changing any passwords and closely monitoring any accounts.
Particularly, be on the lookout for any unexpected emails claiming to be from a medical or health related address, and never click any links from anyone you don’t 100% trust.
We've written some guidance on how a data breach might affect you and what your next steps should be here.
You might also like
- Take a look at our picks for the best malware removal software around
- Check out our choice for best antivirus software
- Marks and Spencer has suffered a cyberattack - here’s what we know so far
