INDIANAPOLIS — Community Health Network says some patient information may have been transmitted to website tracking technology vendors, such as Facebook (Meta) and Google.
The healthcare system found that third-party tracking technologies were installed on Community’s website, including the MyChart patient portal, and on some of its appointment scheduling sites.
"On September 22, 2022, Community discovered through its investigation that the configuration of certain tracking technologies allowed for a broader scope of information to be collected and transmitted to the web tracking technology vendors than Community had ever intended," a news release read.
Community says that the information transmitted depending on the technical configuration of each user's device.
Information that could have been shared includes:
- Computer IP address
- dates, times, and/or locations of scheduled appointments
- health care provider information
- type of appointment or procedure scheduled
- communications that occurred through MyChart, which may have included first and last name and medical record number
- information about insurance coverage
- The name of any MyChart account proxy.
The release says there is no indication that any Social Security numbers, financial account numbers or debit/credit card information was collected or transmitted.
"Community regrets that this data breach occurred and is committed to safeguarding individuals’ information," a spokesperson said in a statement to WRTV.
Community is advising anyone potentially impacted by this incident of the steps that that they can take to protect themselves from website tracking, which includes changing the privacy settings on their devices to block or delete cookies or by using browsers that support privacy-protecting operations, as well as adjusting privacy settings on any Facebook or Google accounts.
The organization says it has disabled or removed the technologies and improved its evaluation and management processes.
Community is mailing letters to potentially impacted individuals with information about the data breach, actions Community has taken and recommendations on steps that individuals can take to protect themselves from website tracking.
Information about the incident is available in the letters mailed to patients or by calling (866) 361-5593 between 9 a.m. and 7 p.m. Eastern time, Monday through Friday.
More information is also available online.
