NewYork-Presbyterian Hospital disclosed that its website used analytics tracking technology that resulted in the personal health information of 54,396 patients to be disclosed to its third-party technology service providers.
In January, the health system learned that the analytics tracking technology was sending some information to its third-party technology service providers.
Patients requesting appointments or second opinions, or initiating a virtual urgent care appointment via its website had the following disclosed to the tech providers: IP addresses, URLs and website addresses of the pages visited.
NewYork-Presbyterian Hospital also said certain tracking tools were able to obtain patient names, email addresses, mailing addresses and gender, according to a breach notification from the health system.
The health system said it has not found any evidence that the trackers and analytics tools captured any financial information, sensitive health information or Social Security numbers.
NewYork-Presbyterian Hospital has since disabled the trackers and analytics tools from its website, and said it is reevaluating its data capturing practices.
Currently, 14 U.S. hospitals and health systems are facing lawsuits for allegedly using pixel tracking technologies that shared confidential patient information with tech giants such as Meta, Facebook and Google.