
Blue Shield Shared Patient Information With Google for Years
Blue Shield of California, a major US health insurer, shared the protected information of 4.7 million patients with Google Ads for years, according to an April 9 notice. The company claims no malicious actors were involved, and that Google only used the information for targeted advertising.
According to the notice, the data breach took place between April 2021 and January 2024, with Blue Shield only learning about it in February 2025. The company claims it integrated the Google Analytics tool on its websites to track how visitors interact with them and improve the user experience, the same way other websites do.
The company blames a misconfiguration in the service for the sharing of sensitive patient data with the tech giant. This included data protected under the Health Insurance Portability and Accountability Act (HIPAA).
Potentially exposed data includes patient names, gender, insurance plan details, location, family size, and the kinds of doctors and treatments patients researched.
“Google may have used this data to conduct focused ad campaigns back to those individual members. We want to reassure our members that no bad actor was involved, and, to our knowledge, Google has not used the information for any purpose other than these ads or shared the protected information with anyone,” reads the breach notice.
Blue Shield has begun notifying the 4.7 million people potentially affected, a group that likely includes the majority of its customer base. It also claims to have severed the connection between Google Analytics and Google Ads in January 2024. “We have no reason to believe that any member data has been shared from Blue Shield’s websites with Google after the connection was severed.”
Responding to press inquiries, a Google spokesperson shared the following statement: “Businesses, not Google, manage the data they collect and must inform users about its collection and use. By default, any data sent to Google Analytics for measurement does not identify individuals, and we have strict policies against collecting Private Health Information (PHI) or advertising based on sensitive information.”
The tech giant has a long history of collecting user information without explicit user consent. A 2024 study found that 96% of all US hospitals shared visitor information with the company.
Most recently, Google returned to “digital fingerprinting” for targeted advertising, a practice that is harder both to spot and to block than traditional cookies.