Blue Shield of California has disclosed that it inadvertently shared protected health information belonging to 4.7 million individuals with Google over a span of nearly three years. This incident affects a significant portion of its nearly 6 million members, as reported by Bleeping Computer.

This is not an isolated incident; numerous large-scale data breaches have impacted healthcare organizations within the past year. For example, the records of the Community Health Center were compromised in October 2024, affecting over a million individuals. Similarly, Lab Services Cooperative experienced a breach that involved data from 1.6 million Planned Parenthood patients. In February 2024, UnitedHealth Group faced a breach resulting in the exposure of data belonging to more than 100 million clients .

Details of the Breach at Blue Shield of California

As stated in a notice released on April 9, Blue Shield of California inadvertently allowed various types of data, including sensitive health information, to be shared with Google Ads via Google Analytics. This may have enabled Google to deliver targeted advertisements to its members. Although the breach was identified on February 11, 2025, it transpired from April 2021 to January 2024, until the link between Google Analytics and Google Ads was terminated on Blue Shield’s website.

The information that may have been exposed includes the following:

• Type, name, and group number of insurance plans
• City and zip code
• Gender
• Family size
• Identifiers assigned to online accounts by Blue Shield
• Service dates and providers for medical claims
• Names of patients
• Financial responsibilities of patients
• Criteria and results from “Find a Doctor” searches

The notice clarifies that none of the more secure personal information, such as Social Security numbers, driver’s license numbers, or banking/credit card details, were exposed. Additionally, Blue Shield confirmed that no malicious actors were involved and that there is no evidence of the data being misused.

Steps to Take If Your Information Has Been Affected

Notifications to members regarding the breach are underway, although Blue Shield cannot verify if any specific individual’s data has been compromised. Currently, the company is not providing credit monitoring or identity protection services for affected individuals. For inquiries about the breach, members can reach out to support at 833-918-5064, available Monday to Friday from 6 a.m. to 6 p.m. PT.

In light of any data breach, it’s vital to keep a vigilant eye on your credit report and financial activities for any irregularities. Consider requesting a free copy of your credit report (which is available weekly), freezing your credit, and placing a fraud alert. Additionally, take precautions to secure your Social Security number against unauthorized use.