Data leak
Kaiser Permanente web tracking pixel data disclosure (13.4 million)
Incident Details
Kaiser Permanente disclosed that tracking technologies (pixels) embedded in its website and mobile apps transmitted member health information to third-party tech companies (Microsoft Bing, Google, X/Twitter). 13,426,869 individuals affected — second-largest healthcare breach of 2024. Data shared included names, IP addresses, sign-in status, health encyclopedia search terms (symptoms, drugs, conditions), and navigation behaviour. No SSNs, financial data, or login credentials involved. HHS OCR breach portal notification filed April 2024. $47.5 million settlement reached. Broader HIPAA web-tracking enforcement context: OCR had issued guidance in 2022 prohibiting use of tracking technologies that transmit PHI.
Technical Details
- Initial Attack Vector: CWE-359, Exposure of Private Personal Information to an Unauthorized Actor (third-party analytics/advertising tracking pixels embedded in the patient-facing portal shared PHI with Google, Microsoft Bing, and X/Twitter)
- Vendor / Product: Kaiser Permanente member portal and apps
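As an added illustration (not Kaiser's or any vendor's code), the following JavaScript audits a captured set of outbound requests from a patient-facing page and flags those that send page context (the viewed health-encyclopedia article or a site-search term) to a third-party analytics/advertising host. The first-party host, the tracker host list, the parameter names and the sample capture are all assumed or constructed for this example.

```javascript
// Added example: audit captured outbound requests from a patient-facing page and
// flag those leaking page context to third-party trackers. All hosts, parameter
// names and the capture below are assumed/constructed for illustration.

const FIRST_PARTY = 'portal.example-health.org'; // assumed first-party host
const TRACKER_HOSTS = ['bat.bing.com', 'www.google-analytics.com', 'analytics.twitter.com']; // assumed
// Parameters assumed to carry page context: current URL, referrer, search query.
const CONTEXT_PARAMS = ['dl', 'dr', 'p', 'q', 'search'];

// Returns the tracker host if the request targets a known third party, else null.
function trackerHost(url) {
  const host = new URL(url).hostname;
  return TRACKER_HOSTS.includes(host) ? host : null;
}

// A request is a leak if it goes to a tracker and any query or body parameter
// carries a first-party URL, a health-encyclopedia path, or a non-empty search term.
function classifyRequest(req) {
  const host = trackerHost(req.url);
  if (!host) return { leak: false, host: null, reason: null };
  const params = new URL(req.url).searchParams;
  if (req.body) for (const [k, v] of new URLSearchParams(req.body)) params.append(k, v);
  for (const [key, value] of params) {
    const contextValue = CONTEXT_PARAMS.includes(key) && value.trim() !== '';
    const mentionsSite = value.includes(FIRST_PARTY) || value.includes('/health-encyclopedia/');
    if (contextValue || mentionsSite) return { leak: true, host, reason: `${key}=${value}` };
  }
  return { leak: false, host, reason: null };
}

// Runs the audit over a capture and returns only the leaking requests, in order.
function auditCapture(requests) {
  return requests.map(classifyRequest).filter(r => r.leak);
}

// Constructed sample capture: one first-party call, two pixels that echo the page
// URL / search term, and one pixel that sends only an opaque transaction id.
const SAMPLE_CAPTURE = [
  { url: 'https://portal.example-health.org/api/session', body: null },
  { url: 'https://www.google-analytics.com/collect?v=1&t=pageview&dl=https%3A%2F%2Fportal.example-health.org%2Fhealth-encyclopedia%2Fdepression', body: null },
  { url: 'https://bat.bing.com/action/0?ti=123&Ver=2', body: 'p=https%3A%2F%2Fportal.example-health.org%2Fsearch&q=insulin+dosage' },
  { url: 'https://analytics.twitter.com/i/adsct?txn_id=abc', body: null },
];

// Example run: prints the two leaking pixels with the offending parameter.
console.log(auditCapture(SAMPLE_CAPTURE));
```

In a real review the capture would come from browser devtools (HAR export) or a proxy, and the tracker list from the site's tag manager configuration.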
Timeline
- 2024-01-01 Breach occurred
- 2024-04-12 Publicly disclosed
- 2024-04-25 Customers notified