By HFT Staff

New York-Presbyterian Hospital (NYP) has been notified of its use of tracking and analytics tool on its website may have resulted in sharing patients’ information with developers. The healthcare facility first began using the tool from third-party service providers to better understand how visitors interacted with the website, allowing them to improve external communication, monitor community engagement and make it easier for patients to connect.  

NYP first learned that patient information may have been accessed by third-party technology service providers in January 2023. Upon review, the facility determined that the tracking and analytics tools accessed IP addresses and the URL/website addresses of the pages visited, which may have included the provider name and specialty listed on the website. Certain tools were also able to access first name, last name, email address, mailing address and gender information.  

At the time of report, there has not been any evidence that the trackers and analytics tool captured financial information, passwords, payment information, social security numbers or sensitive numbers. The tools also did not collect any protected health information from patient medical records.  

Approximately 54,396 patients' data was compromised. 

Upon learning the information, NYP disabled the trackers and worked with a forensic firm to conduct a full analysis of the information that the tools collected and shared.