T O P
BuckeyeSouth

Yes, we did. It's wild that someone managing a HIPAA obligated website would use a Facebook pixel for any reason.


Q_S2

Right?! That sort of negligence seems almost...... Intentional.


Codeshark

I doubt it was intentional. HIPAA violations aren't the type of thing that you mess around with. They can cost up to $50,000 per violation and if it was found to be intentional then I assume the number would be towards the higher end.


Q_S2

True. However there are companies that consider 6 figure fines for violations a cost of business as well. If you're an ape you'll know what I mean


Codeshark

Sure but a violation is leaking an individuals information. If they intentionally exposed just 4,000 people's medical records and received the maximum penalty, that's a 250 million dollar fine.


ANAL_TOOTHBRUSH

Probably just some idiot being an idiot


Namath96

I think you’re severely underestimating how dumb people can be lol


Q_S2

Ah. I see you follow the principles of Hanlons razor! I won't dispute you fellow charlottean! God bless you. Perhaps you're right! I have a hard time trusting these foos.... especially F.B.


EasyTangent

Yes, but to be clear, it's not a traditional leak, as in someone hacked a database and leaked it online. The issue is that it's a setup / misconfiguration of the FB tracking pixel which sent more data than necessary to Facebook without letting the end users know that data is being sent. It breaks a ton of compliance rules and I wouldn't be surprised if a lawsuit comes out of this. In case anyone is curious on how it works: right now, if you go to any site, most likely there is a Facebook pixel there as well which tracks you (your profile) from site to site. The more websites you visit with these tracking pixels, the more data Facebook has to complete a "picture" of who you are and allows advertisers who use Facebook applications (including Instagram and WhatsApp) to target you specifically with ads that are most "relevant" to you. So if you search for whiskey (for example) on Google on your desktop and visit a couple of sites with the Facebook pixel being there, Facebook will know a couple things about you (old enough to drink whiskey, likes to drink alcohol, etc. etc.) Soon, you will get ads about whiskey a couple hours later when you visit Instagram on your phone. As a consumer, the "positive" is that you receive relevant ads. For advertisers, this provides them a goldmine because they now can target specific groups of people with specific interests and have a higher success rate of converting/selling a product without needing to overspend on advertisement. Where this backfires as the consumer is who gets access to this data? Imagine Facebook starts sharing this data with your insurance company. All of sudden, your health insurance company will know that you drink (and drink the heavier stuff) and also that you reached out to your doctor about potential heart issues, all of sudden your premiums will start increasing because there is a higher chance of a health risk with you specifically.


dlgreenwald

Yes. I got one too. HIPPA is much more stringent than standard personal information. I work with some folks who are responsible for HIPPA at a pharmacy chain and they have talked about how just knowing that someone uses their pharmacy would be a HIPPA breach. PIxels are a tracking technique, they don’t necessarily transmit Personal information, but Facebook/Meta knowing that you use Novant is a HIPPA violation hence the notification.


Jdudley13

From the letter the pixel was configured incorrectly: “It was possible sensitive information or PHI might have been disclosed to META, depending upon a users activity within the Novant Health website and my chart portal. This information could potentially have included: demographic information such as email address, phone number, computer IP address, and contact information entered into emergency contacts or advanced planning care; and information such as appointment type and date, physician selected, button/menu selections, and/or content typed into free text boxes.”


dlgreenwald

Seems like a substantial amount of burring their head in the sand. “If we don’t investigate we won’t know how bad it was.” SMH


NakedMuffinTime

*HIPAA Sorry, had to do it...


HushGalactus

As someone once told me it’s not HIPPA like hippo, it’s HIPAA lol


dlgreenwald

Justified. I type it wrong ALL the time.


WCNCNewsReporter

Hi there. This is Austin Walker with WCNC Charlotte. I'd love to talk to you about the breach. Please give me a call as soon as you can! 704-420-4727. Thanks!


Edwardc4gg

Yup. I sense a lawsuit coming.


EasySundayAM

There is one


Edwardc4gg

link? source?


EasySundayAM

https://www.justice4you.com/blog/novant-health-data-breach.html


cbdbun

Is this legit or just a lawyer trying to cash in on it? I’m not trying to fill out a form to be harassed by a law firm edit: definitely looks like it. That’s not an official class action website. edit 2: they emailed me about my form and it’s a waste of time guys. Just wait for an official class action settlement to be released


TSwizzlesNipples

> just a lawyer trying to cash in on it? That's pretty much all class action suits lol


cbdbun

I’ve been in public class action suits before and all I had to do was fill out an official form to show I was a part of it, and then they sent my settlement check. A lot easier and didn’t even have to talk to a lawyer.


NRM1109

Thank you! Just submitted to join


PristineBaseball

Expect a check for 88 cents


Edwardc4gg

thank you!


The_G_ad_Vincula

I did. Who's filing the class action against Novant and Meta? Meta is under a consent decree with respect to its privacy practices, and this kind of information collecting without notice to data subjects violates it. Same goes for Novant. They had no legitimate basis to share this information with Meta. There should be criminal charges as well as a civil class action for everyone impacted.


WCNCNewsReporter

Hi there. This is Austin Walker with WCNC Charlotte. I'd love to talk to you about the breach. Please give me a call as soon as you can! 704-420-4727. Thanks!


geekynerdornerdygeek

Got it. Class action against Novant. Or META. META announced a month or so ago that they "didn't realize" that they were collecting medical info? But like, it isn't just Novant, and nothing is being done to them???


GloomyClass1776

Creepy ass Facebook doing creeper things. Again.


sandrakarr

couple weeks ago, yeah. let me know when the class action goes up.


[deleted]

[удалено]


cbdbun

Where is the official site then? The letter didn’t mention it at all


Feloninthestacks

This made national headlines back in June, as a result of [this](https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites) story, I believe. It wasn't just Novant, unfortunately. The whole thing is pretty nauseating.


lurkitosupreme

>...good luck with that Most of these companies who leak your data at least offer a year of credit monitoring. Not Novant though. Shit like this is why I've just kept my credit locked since the Equifax breach. But not sure what to do about leaked medical info.


bee_a_beauty

It wasn't credit information (payment methods or social security numbers) that was affected though, it was medical chart information.


PristineBaseball

They are just talking about leaks in general


panasonique

The letter stated they leaked info about appointment types (like tests for diseases), and, what’s really scary, “content typed into free text boxes”. You know, like messages typed to your physician about your health concerns, results of tests, etc.


bee_a_beauty

Yup :( even worse than credit information in my opinion.


Jdudley13

Same, I’ve had identify theft protection for years Now, it just seems like a no brainer to me. My interpretation of the letter is they are taking steps to ensure it doesn’t happen again, but they have our data now so “whoops, our bad bro”


doomofraven

Hubby and I both got one. Hubby wasn't even on MyChart during the period, so I can only assume they scraped his info from mine.


WCNCNewsReporter

Hi there. This is Austin Walker with WCNC Charlotte. I'd love to talk to you about the breach. Please give me a call as soon as you can! 704-420-4727. Thanks!


Australian1996

Yup. Something to do with Facebook or meta or whatever. Love it. And I also got a letter last week from Lakeview mortgage or something about how my social sec number and birthdate were hacked. Even more awesome since I have no idea who these people are and I paid of my house over 10 years ago. Are dimwits running these IT departments???


OrangeInQC

Got the letter as well. Really wondering if this results in a class-action lawsuit.


WCNCNewsReporter

Hi there. This is Austin Walker with WCNC Charlotte. I'd love to talk to you about the breach. Please give me a call as soon as you can! 704-420-4727. Thanks!


NecessaryGlobal2155

Yes we got it. Novant is a management disaster so this isn’t really surprising to me honestly. My wife works for Novant and the decisions they make are laughable because they have imposter syndrome and think they need to keep up with Atrium rather than just embracing their position as a community hospital.


bugbbq

I'm trying to figure out if this is a Novant issue or an Epic issue. I've heard the same issue happened with Atrium, and they also use Epic. If that's the case, then this is much more widespread than just Charlotte.


Jdudley13

It is a meta pixel issue, looks like 11 health systems were impacted by it


bugbbq

So most likely Epic then. Epic is the software that Atrium and Novant use to store patient records. They also make the MyChart patient-facing platform.


ilikecacti2

At this point I’ve just accepted that meta or Google have access to my patient portal data. What can you even do? Every time I open a patient portal I get prescription drug ads or clinical trial ads right afterwards. It’s so obvious that they’re not keeping it secure, why even deny it.


[deleted]

[удалено]


Jdudley13

Providing my physicians names, appointment types and potentially notes I shared with my physicians is a massive deal and is absolutely something that I am worrying about. It’s none of their damn business


[deleted]

[удалено]


DarkAndSparkly

According to the class action lawsuit page, Novant says the following was leaked. Sorry for formatting. On mobile. Names Addresses Dates of Birth Email address Computer IP addresses Emergency contact information Types of medical appointments, dates, times and locations Patient Physician(s) Selections made on MyChart and other things typed on the site


EasySundayAM

Yep! With Facebook. Super concerning


kings-and-generals

I didn't.


NRM1109

Yes I got the same notification


Pristine_Cookie

I got the letter in the mail; it's dated August 12.


SweetestSummer

I got the letter, I hope they’re able to get it resolved.


WCNCNewsReporter

Hi there. This is Austin Walker with WCNC Charlotte. I'd love to talk to you about the breach. Please give me a call as soon as you can! 704-420-4727. Thanks!


WCNCNewsReporter

Hi there. This is Austin Walker with WCNC Charlotte. I'd love to talk to you about the breach. Please give me a call as soon as you can! 704-420-4727. Thanks!


steph_leppard

This happened to a ton of healthcare companies across a bunch of states. It amazes me that there could be such negligence when we literally pay thousands (sometimes hundreds of thousands) of dollars for healthcare...


Data_Coder

Yes


CLTManiac

I did, but I dont use Facebook. Better to delete it.


Jdudley13

I don’t either, that’s the point, they still got your info


nexusheli

I haven't checked my mail in like a week - did it have a time-frame when the issue occurred?


hsc90

I got it too. I can’t remember the exact dates, but it was if you accessed my chart in a certain time frame


WCNCNewsReporter

Hi there. This is Austin Walker with WCNC Charlotte. I'd love to talk to you about the breach. Please give me a call as soon as you can! 704-420-4727. Thanks!


Jdudley13

The pixel was placed on their site in May of 2020. It says the investigation occurred on June 17, 2022. So if you logged in to mychart in the last 2 years it appears that you were impacted.


Non-RedditorJ

Oh good, I haven't used it in over 2 years.


nexusheli

Fuck - I literally just signed up back in June after putting it off for months...