Allina Health uses Google Analytics to enhance the AllinaHealth.org experience for our patients, visitors and community members. In recent months, several health care systems have learned that tools used by internet tracking technology vendors may inadvertently capture private health information. Allina Health proactively reached out to an outside consulting firm to do a forensic analysis of Allina Health’s use of tracking tools.
In late February 2023, the firm determined that tracking pixels were sending some protected information to Google Analytics. Allina Health’s internal teams have been working diligently with our outside partner to identify affected patients.
A limited number of patients had pieces of information captured by Google Analytics. This was not a cybersecurity attack, and Allina Health has no evidence that Google used this data for any purpose other than providing analytic services to Allina Health.
Allina Health is committed to patient privacy and understands that these types of events can cause concern. We are deeply sorry for any concern or inconvenience that this incident causes anyone.
No, only select information was sent to Google.
The information may have included:
This information DID NOT include:
We have sent communication to individuals whose information may have been involved.
They help gather the trends and preferences of web site users to improve the user experience.
Allina Health has removed the code that was capturing private health information and has implemented internal processes to prevent it from being added in the future.
Allina Health has notified those impacted by this incident. In addition, there is a link to the notice on AllinaHealth.org which will be in place for the next 90 days and a news release was sent out to relevant media outlets.
Google’s Terms and Conditions do not allow them to re-sell or publish any of the data that was inadvertently sent to them.
Google’s Terms and Conditions do not allow them to re-sell or publish any of the data that was inadvertently sent to them.
Google’s Terms and Conditions do not allow them to re-sell or publish any of the data that was inadvertently sent to them. The data was not stolen like other data breaches that get reported.
Credit card information was not shared.
We are working with Google to purge the data.
No passwords were part of the data sent to Google.
Those with questions may call Allina Health at 866-979-1541, Monday-Friday from 8 a.m. – 6 p.m. CST, beginning Monday, May 1, 2023.
You may file a complaint with the Allina Health Privacy Office by writing to the following address:
Allina Health Privacy Office
Mail Route 10839
P.O. Box 43
Minneapolis, MN 55440-0043
In addition, the federal Office for Civil Rights has been notified of this situation.
If you would like to submit an additional complaint to the Office for Civil Rights you can submit your complaint:
Allina Health is committed to patient privacy and understands that these types of events can cause concern. We are deeply sorry for any concern or inconvenience that this incident causes anyone. While we do not believe this incident puts patients at risk for identity or financial theft, out of an abundance of caution, we are offering a complimentary two-year membership of TransUnion credit monitoring/identity protection services. We also encourage everyone to continue practicing the usual caution around suspicious communication and promptly report any suspected identity theft or other suspicious activity to the proper law enforcement authorities.