A new lawsuit is accusing Meta of using the medical data of people without permission.

The lawsuit alleges that Meta has unauthorized access to the private medical data of millions of people and that the company uses the data to conduct targeted medicine and treatment advertising on Facebook.

The lawsuit, filed last week in the Northern District of California, accuses U.S. hospitals of providing Meta with sensitive patient data and violating HIPAA.

The complaint accused some hospitals of using Meta’s Pixel, a tool that allows companies to measure and build audiences for ad campaigns to access patients’ password-protected portals and share sensitive health information that Meta then sold to Facebook advertisers.

The lawsuit accuses Meta of knowingly collecting sensitive medical information from health websites, even though the company’s policies prohibit advertisers from disclosing data that includes health, financial or other categories of sensitive information.

To substantiate the claims made, the complaint shares the experience of a Facebook user who began receiving targeted ads for heart and knee-related drugs that were posted on her private patient portal at the University of California, San Francisco Medical Center.

The sources for this piece include an article in BusinessInsider.