Blue Shield of California Sued for Allowing Google Ads to Use Private Health Information

 

Blue Shield of California Sued for Allowing Google Ads to Use Private Health Information

On April 9, 2025, Blue Shield of California posted a notice of data breach on its website. On April 10, we filed a class action to enforce the rights of people whose private health information (“PHI”) was disclosed by Blue Shield.

What happened?

Like many businesses, Blue Shield used Google Analytics to track how people used its websites.  But unlike most businesses, Blue Shield is responsible for handling highly sensitive and private health information.

In the notice of data breach, Blue Shield says it recently “discovered that, between April 2021 and January 2024, Google Analytics was configured in a way that allowed certain member data to be shared with Google’s advertising product, Google Ads, that likely included protected health information.”

What does that mean? Here’s an example:

One of Blue Shield’s websites has a “Find a Doctor” search bar, which allows patients to search for nearby doctors by name, specialty, or condition.  Suppose you used “Find a Doctor” to locate a nearby:

  • •Psychiatrist for treatment of addiction. Google Analytics can track that.

  • •Urologist.  Google Analytics can track that.

  • •OBGYN.  Google Analytics can track that.

  • •And others.

And if Google Analytics is connected with Google Ads in a certain way, your name, location, doctor, and even your medical condition could be shared with Google’s advertising systems.

What information?

The information that may have been impacted includes the following:

  • •Patient names;

  • •“Find a Doctor” search criteria and results (location, plan name and type, provider name and type);

  • •Medical claim service date and service provider,

  • •Patient financial responsibility;

  • •Gender;

  • •Family size;

  • •Insurance plan name, type and group number;

  • •City;

  • •Zip code; and

  • •Blue Shield assigned identifiers for members’ online accounts.

What can you do?

Epps & Coulson, LLP filed a class action to hold Blue Shield accountable for what we believe is a serious violation of your privacy rights. If you were affected by the data breach, you may have received the notice from Blue Shield of California.  You may be entitled to compensation.

If you are interested in joining the lawsuit and making a claim, fill out the form below to let us know how to reach you.

Blue Shield Form with Epps & Coulson, LLP

Information contained in this article is intended for informational and educational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.  It is likely considered advertising.  Epps & Coulson, LLP encourages you to call to discuss these matters as they apply to you, your family members or your business’ insurance for employees.  Epps & Coulson, LLP has staff licensed in France and affiliated Counsel offices in New York and Connecticut with lawyers also admitted in Connecticut, District of Columbia, Massachusetts (pending), New Jersey, Hawaii, European Union, England and Wales, France (Paris Bar), and Sweden.

 

EPPS & COULSON, LLP
Attorneys admitted to practice in California, New York, Colorado, Texas, and Oregon
www.eppscoulson.com
www.companiescounsel.com