Overview
- Between April 2021 and January 2024, a misconfigured Google Analytics tool on Blue Shield's websites shared protected health information with Google Ads.
- The breach affected 4.7 million members, exposing data such as insurance details, medical claim dates, provider information, and demographic data.
- Blue Shield discovered the issue in February 2025 and notified affected members and regulators in April 2025, confirming no malicious intrusion occurred.
- It remains unclear whether Google deleted the data or complied with removal requests; both companies have declined to comment on the matter.
- Blue Shield has not provided identity theft protection to members, instead advising them to monitor financial and credit activity for suspicious behavior.