Breach at health insurance giant Blue Shield of California leaked health data of millions to Google - see if you are affected

News
By published

Sensitive healthcare information exposed

healthcare
(Image credit: Shutterstock)
  • A breach has affected nearly 5 million Blue Shield of California healthcare customers
  • This was thanks to a misconfiguration of Google Analytics
  • Sensitive health information and patient data was exposed

Health insurance firm Blue Shield has revealed a data breach has exposed protected health data of over 4.7 million members.

The information was leaked to Google’s analytics and advertisement platforms following a misconfiguration of Google analytics on Blue Shield sites.

“On February 11, 2025, Blue Shield discovered that, between April 2021 and January 2024, Google Analytics was configured in a way that allowed certain member data to be shared with Google’s advertising product, Google Ads, that likely included protected health information,” the company wrote.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month.

Keeper generates and stores strong passwords so you never have to remember them again. Don’t let one weak password leave you exposed.

Preferred partner (What does this mean?)

View Deal

No bad actors

Blue Shield insists that Social Security numbers, credit card information, or driving license numbers were not part of the disclosure, but that insurance plan name, type and group number; zip code, gender, family size, medical claim service date and service provider, patient name, and patient financial responsibility are all amongst the compromised information.

Once the connection was severed between Google Analytics and Google ads on the website in January 2024, Blue Shield says there is “no reason to believe that any member data” was shared.

After the issue was discovered, Blue Shield says it immediately reviewed websites and security protocols, and has taken safeguards to protect against similar attacks in future.

“Google may have used this data to conduct focused ad campaigns targeted back to you. We want to reassure you no bad actor was involved, and, to our knowledge, Google has not used your information for any purpose other than these ads or shared your protected information with anyone," the notice confirms.

Anyone who thinks they may be affected should be ultra vigilant, changing any passwords and closely monitoring any accounts.

Particularly, be on the lookout for any unexpected emails claiming to be from a medical or health related address, and never click any links from anyone you don’t 100% trust.

We've written some guidance on how a data breach might affect you and what your next steps should be here.

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.