DaVita Patients Affected by Tracking Technology Privacy Incident


DaVita has discovered that tracking tools used on its web pages and mobile app might have transmitted user information to third-party providers. On July 2, 2024, kidney dialysis service provider DaVita Inc., based in Denver, CO, informed 67,443 patients about a pixel-related data breach. With 2,800+ outpatient dialysis centers in the U.S., DaVita serves approximately 204,200 patients in the United States alone, and around 3,200 patients in other nations. DaVita said it found out on June 17, 2024, that Pixels were installed on its Care Connect mobile app and website health portal. Pixels are online tracking codes that, when installed on web pages and mobile apps, log visitor actions. Their use possibly transmitted DaVita's web user information to third-party providers.

The types of breached data differed from person to person depending on their activities on the website and usage of the mobile app. That data might have contained the following: usernames and third-party cookies/identifiers, work status, patient reference/classification, data concerning the usage of the application or pages clicked on the website, and data showing whether the user was logged into a DaVita account, but not the account password. For some users, some demographic details were also possibly exposed. Laboratory test names or laboratory test resources that were likely accessed on the website were also involved, though not laboratory test results. The above types of data may be associated with a person through their IP address and third-party identifiers, for example when a user was signed into their Facebook or Google account at the time. First and last names would only be compromised if they had been used to create a username.

DaVita stated it has uninstalled all third-party tracking codes that were known not to be in compliance with HIPAA. It has enforced new guidelines and procedures and provided extra HIPAA training to its employees to prevent similar privacy breaches in the future. DaVita said it does not know of any improper use of the exposed data that is likely to result in financial or comparable problems.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681