The Doctor Didn’t Tell Google, But Your Data Might Have

I’m a bit behind on calling this one out, but that’s because this isn’t a breaking-news disaster — it’s a slow-motion one.

If it were a zero-day, I’d have pushed it out right away. But this? This is the opposite: a years-long drip of privacy fail.

Blue Shield of California accidentally shared private health information (PHI) with Google for years.

Not on purpose. A misconfigured website quietly let sensitive data trickle out every time someone used certain features. No one noticed. No one fixed it. No one even mentioned it. For. Years.

This wasn’t a hack. It was a door left open, long enough for Google’s ad systems to wander in and make themselves at home.

Google might have used that data to target ads at those patients, or worse, to shape what information they saw later. That’s not just creepy; it’s potentially manipulative.

And the kicker? We still don’t know if it’s fully stopped. Several other healthcare companies have been caught doing the same thing.

Targeted ads might not sound catastrophic, but they can absolutely cause harm. And if you’ve forgotten why this feels familiar, let me whisper an old name from the data-breach crypt: Cambridge Analytica.

This all comes down to something deceptively tiny: tracking pixels (also called web beacons).

They’re invisible one-pixel images embedded in web pages and emails that quietly report what you click, where you move, and how long you stay. They’ve been around since the late 1990s, originally used for analytics, but they’ve since become the Swiss Army knife of online surveillance.

In health-related sites, those same pixels can accidentally send private data (like diagnoses, prescription searches, or doctor names) straight to third-party servers.

You can’t stop companies from making mistakes, but you can stop a lot of the tracking.

Install Privacy Badger, a free browser add-on from the Electronic Frontier Foundation. It automatically blocks tracking pixels and cookies that follow you across sites.

It takes about 30 seconds to set up:

That’s it. No settings to tweak, no tech degree required.

And yes, do it on your phone too. Mobile browsers leak data like sieves.

The Blue Shield case is a reminder that privacy leaks don’t always make headlines — sometimes they just hum quietly in the background for years.

So take a minute today to patch the digital holes you can control. The internet doesn’t come with a doctor-patient confidentiality clause, but your browser can at least keep a few secrets for you.

Further reading:

CybersecuriTea is a free, plain-English guide to digital safety, designed for families, friends, and the folks you love. Subscribe today and get weekly tips to help keep your digital life secure.

Or, if you’d like to support our work and keep the kettle warm for everyone: