Indianapolis-based Community Health Network is notifying patients that some of their protected health information may have been sent to Meta and Google.
Community Health learned that patient information such as computer IP addresses; names; medical records numbers; dates, times and locations of scheduled appointments; healthcare provider information; type of appointment or procedure; and communications through MyChart were compromised after it had implemented third-party tracking technologies on its website and MyChart patient portal, according to a Nov. 16 breach notification from Community.
This patient information was collected and transmitted to tracking vendors, such as Facebook, parent company Meta, and Google.
Patient information such as Social Security numbers, financial account numbers or debit card information was not collected or transmitted as part of the breach, according to Community.
Community said it has since removed the tracking tools on patient-facing websites and applications and is working to notify those who have been affected.
The number of affected patients was not disclosed.