Data breaches

Google, Ascension analyzing data without patients' knowledge

Google's multi-color logo with lights shining underneath it.
Google and Ascension are calling it "health care transformation." Photo: Lyu Liang/VCG via Getty Images

Not-for-profit hospital system Ascension has allowed Google to access a wide array of patient data, including names and diagnoses, but did not notify patients or doctors about their secret data project until the Wall Street Journal reported the story today.

Why it matters: This exchange of sensitive medical information is technically legal under federal law that protects patient health information, as long as Google is contracted as a "business associate" with Ascension.

Go deeper: What your hospital knows about you

Why hospitals are a weak spot in U.S. cybersecurity

In this illustration, two surgeons perform an operation while a crosshair is seen over both of them.
Illustration: Rebecca Zisser/Axios

Over 32 million people have had their protected health information breached this year, in 311 hacking incidents against health care providers that are under investigation by the Department of Health and Human Services.

The big picture: Complex, bloated hospital systems are a glaring weak spot in U.S. cybersecurity — and there are limits on the government's power to help.