in Newswire Published on October 31, 2022

Data Breach: WakeMed Shared Patient Portal Info with Facebook for Over Four Years, Class Action Claims

by Erin Shaak

Last Updated on October 1, 2024

View Comments

Matthiae v. WakeMed Health and Hospitals

Filed: October 28, 2022 § 5:22-cv-00433

Read Complaint

WakeMed has unlawfully disclosed to Meta certain health and personal information entered by consumers into its website and patient portal, a lawsuit alleges.

Defendant(s)

WakeMed Health and Hospitals

Law(s)

State(s)

North Carolina

Categories

Medical/Health Privacy Data Breach

A proposed class action claims WakeMed Health and Hospitals has unlawfully disclosed to Meta Platforms certain health and personal information entered by consumers into WakeMed’s website and patient portal.

The 28-page lawsuit alleges that for at least four years, the 970-bed not-for-profit Raleigh, North Carolina-based healthcare system had a piece of software code, known as the Meta pixel, embedded on its website, WakeMed.org, and patient portal. The Meta pixel captured and transmitted to the social media giant certain information entered by patients, the complaint claims.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

Per the suit, WakeMed did not disclose this surreptitious data collection until earlier this month, leaving patients unaware for years that their private information had been disclosed to third-party Meta.

The case relays that in March 2018, WakeMed, the biggest healthcare system in Wake County, North Carolina, launched a campaign to connect patients with its MyChart patient portal, where users can access medical records, view test results, request subscription refills, fill out medical forms, check into appointments, and communicate with healthcare providers. Per the case, the campaign involved Facebook advertisements and the use of a Meta pixel, a tracking code that can be used by website operators to track how visitors use their sites and measure the effectiveness of advertising campaigns.

The suit relays that the pixel on WakeMed’s website and patient portal was configured to collect some of the information entered by patients, including their names and contact details; computer IP addresses; emergency contact information; check-in information, such as allergies and medications; appointment details; and, in some cases, Social Security numbers or financial information. According to the suit, a “host of sensitive, non-public information” that patients believed they were communicating only to their healthcare provider was passed on to Meta without their knowledge or consent.

The case alleges that WakeMed removed the pixel in June 2022 and began an investigation into the patient data that had been transmitted to Facebook. The healthcare system nevertheless waited until October 11 to send notice to patients whose data was disclosed, the suit says.

According to the filing, WakeMed failed to satisfy its duty as a healthcare provider to safeguard patients’ sensitive information from unauthorized disclosure.

“Defendant is responsible for allowing this Data Breach through its willful and knowing configuration and implementation of the tracking Pixel, its failure to implement and maintain reasonable safeguards to prevent the disclosure of Private Information, its unreasonable data policies, its failure to adequately train employees, and its failure to comply with industry-standard data security practices.”

The lawsuit looks to represent anyone WakeMed identified as among those who were impacted by the data breach, including anyone who was sent a notice of the data breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Video Game Addiction Lawsuits

If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.

Learn more:Video Game Addiction Lawsuit

Depo-Provera Lawsuits

Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.

Read more: Depo-Provera Lawsuit

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Open Document
Last Updated on October 1, 2024 — 11:27 AM

Erin Shaak

erin@classaction.org

Erin works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.