FeganScott Announces Investigation Into Blue Shield of California Data Breach That Compromised 4.7 Million Individuals’ Protected Health Information

Today, consumer-rights law firm FeganScott announced that it has launched an investigation into Blue Shield of California, one of the largest healthcare insurance providers in the country, following confirmation from the company and the United States Department of Health and Human Services that the company had shared private health information and site user data with Google’s advertising products, Google Ads and Google Analytics.

According to the company’s statement, from April 2021 to January 2024, the company had configured Google Ads to allow it to access certain member data that likely included protected health information. Blue Shield failed to recognize this security breach until February 11, 2025. Google may have used this data to conduct focused ad campaigns on members whose data was accessed.

The information accessed may include:

• Insurance plan name, type, and group number
• City, zip code, & location data
• Gender
• Family size
• Medical claim information including dates, providers, patient names, and patient financial responsibility
• “Find a Doctor” search criteria & results, including locations, plan name and type, and provider name & type
• As well as identifiers assigned by Blue Shield to members’ accounts

Blue Shield reportedly “severed the connection between Google Analytics and Google Ads on its websites in January 2024.”

“Blue Shield’s failure to identify the unauthorized disclosure of protected health information over a period of nearly three years is a grievous violation of its members’ privacy,” said Beth Fegan, Managing Member of FeganScott. “Not only did Blue Shield improperly disclose its members protected health information, but Blue Shield allowed Google to profit from the disclosure by serving members personalized ads based on their protected health information.”

If you were a Blue Shield of California member from April 2021 to January 2024, viewed the Blue Shield of California website from April 2021 to January 2024, or have been notified by Blue Shield of California that your information may have been accessed, contact us at FeganScott for a free legal consultation here:

https://www.feganscott.com/contact-us/

View source version on businesswire.com: https://www.businesswire.com/news/home/20250425668114/en/

“Blue Shield’s failure to identify the unauthorized disclosure of protected health information over a period of nearly three years is a grievous violation of its members’ privacy,” said Beth Fegan, Managing Member of FeganScott.