U.S. health conglomerate Kaiser is notifying millions of current and former members of a data breach after confirming it shared patients’ information with third-party advertisers, including Google, Microsoft and X (formerly Twitter).

In a statement shared with TechCrunch, Kaiser said that it conducted an investigation that found “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.”

Kaiser is the latest healthcare organization to confirm it shared patients’ personal information with third-party advertisers by way of online tracking code, often embedded in web pages and mobile apps and designed to collect information about users’ online activity for analytics. Over the past year, telehealth startups Cerebral, Monument and Tempest have pulled tracking code from their apps that shared patients’ personal and health information with advertisers.