Blue Shield Leaked Millions of Patient Info to Google for Years

Blue Shield of California exposed the health data of 4.7 million members to Google for years due to a Google Analytics misconfigured setup. No SSNs leaked.

Blue Shield of California, a major health insurance provider, has announced that the private information of about 4.7 million of its members was exposed to Google’s advertising and analytics services. This happened over nearly three years, from April 2021 to January 2024.  

The insurer states (PDF) that they used Google Analytics to track how customers used their websites. A misconfiguration in this setup allowed protected health information to be collected as well, including the specific words and phrases that patients typed into the website to find doctors and other healthcare services.

On February 11, 2025, they discovered that Google Analytics had been set up in a way that allowed some member data to be shared with Google’s advertising platform, Google ...