Researchers find that tracking pixels—small pieces of embedded code that can transmit user data to third parties—significantly increase data breach risk on hospital websites.
Hilal Atasoy and colleagues analyzed 12 years of archived website data from 1,201 large U.S. hospitals between 2012 and 2023, examining the adoption of pixel tracking and their relationship to data breaches. The findings are published in the journal PNAS Nexus.
The authors found pixel tracking in 66% of hospital-year observations, despite stringent privacy regulations. Hospitals using third-party pixels experienced at least a 1.4 percentage point increase in breach probability, representing a 46% relative increase compared to the 3% baseline breach rate.
Third-party pixels, which transmit patient data to vendors like Meta and Google, significantly increased breach risk, while first-party pixels that keep data within the hospital showed no significant relationship with breaches. Physical breaches caused by misplaced documents or devices showed no relationship with pixel use, supporting the digital transmission mechanism.
According to the authors, the findings reveal a critical regulatory gap in health care privacy protections, as tracking pixels operate outside traditional Health Insurance Portability and Accountability Act safeguards. The authors recommend hospitals strengthen data governance policies to protect patient information.
More information:
Hilal Atasoy et al, Beyond the click: Pixel tracking technologies and patient data security in hospitals, PNAS Nexus (2025). DOI: 10.1093/pnasnexus/pgaf360
Provided by
PNAS Nexus
The content is provided for information purposes only.