
US healthcare marketplaces shared citizenship and race data with ad tech giants

"Sensitive patient data, including citizenship status and racial identifiers, has been inadvertently disclosed to ad tech companies via US healthcare marketplaces, exposing millions of Americans to potential identity theft and exacerbating long-standing concerns about data protection in the healthcare industry. The breach occurred through a combination of lax data sharing policies and inadequate consent mechanisms. This incident underscores the need for stricter data governance in healthcare. AI-assisted, human-reviewed."

Almost all of the 20 U.S. state government-run health insurance marketplaces shared residents’ application information with advertising and tech giants, including Google, LinkedIn, Meta, and Snap, according to a new investigation by Bloomberg. The report drives home the privacy problems created by pixel-sized trackers, which allow website owners to collect information about their visitors, often for web analytics and identifying bugs. A common tool in digital advertising, these trackers also allow the collection of personal information if misconfigured and placed on websites that contain sensitive content, such as healthcare data.

What was shared

Per Bloomberg, New York’s health insurance exchange shared information about a person’s application with several tech companies, including whether the applicant provided details about incarcerated family members. The health insurance exchange for Washington, D.C. also asked residents about their sex and race, which TikTok’s pixel tracker attempted to redact. Some races were masked and others were not, the publication reported. A spokesperson for the Washington, D.C. exchange told Bloomberg that residents’ email address, phone number, and country identifiers were also shared with TikTok.

How it happened

The breach occurred through a combination of lax data sharing policies and inadequate consent mechanisms. Pixel trackers — small pieces of code embedded in websites — are typically used for web analytics and debugging. When placed on government healthcare sites, they can inadvertently transmit sensitive personal information to third-party ad platforms. This is not a new problem, and has previously caught out telehealth startups and healthcare giants alike. Several companies and healthcare giants have had to notify millions that they inadvertently collected and shared their health information with tech giants, whose profits are derived from using consumer data for advertising.
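One way a site owner can check for the leak described above: fill the application form with unique canary values, export the browser's network log as a HAR file, and search every third-party request for those values. This is an added example, not code from Bloomberg or any exchange; the hostnames, parameter names and canary values are constructed.

```javascript
// Added example: flag third-party requests in a HAR capture that carry canary form values.
// Hostnames, field names and canary values below are constructed for illustration.
const CANARIES = {
  zip: "99999",
  email: "canary-7f3a@example.org",
  race: "canary-race-option",
};

// Constructed HAR fragment (only the fields this audit reads).
const SAMPLE_HAR = { log: { entries: [
  { request: { method: "POST", url: "https://marketplace.example/apply",
      postData: { text: "zip=99999&email=canary-7f3a%40example.org" } } },
  { request: { method: "GET",
      url: "https://tracker.example/pixel.gif?ev=PageView&dl=%2Fapply&zp=99999" } },
  { request: { method: "POST", url: "https://ads.example/collect",
      postData: { text: JSON.stringify({ em: "canary-7f3a@example.org", step: 3 }) } } },
  { request: { method: "GET", url: "https://cdn.example/fonts/a.woff2" } },
] } };

// Decode percent-encoding where possible so encoded canaries still match.
function decoded(text) {
  try { return decodeURIComponent(text.replace(/\+/g, " ")); } catch { return text; }
}

function auditHar(har, firstPartyHost, canaries) {
  const findings = [];
  for (const { request } of har.log.entries) {
    const url = new URL(request.url);
    const sameSite = url.hostname === firstPartyHost ||
      url.hostname.endsWith("." + firstPartyHost);
    if (sameSite) continue; // only third-party destinations are of interest
    const haystacks = {
      url: decoded(url.search),
      body: decoded((request.postData && request.postData.text) || ""),
    };
    for (const [field, value] of Object.entries(canaries)) {
      for (const [where, text] of Object.entries(haystacks)) {
        if (text.includes(value)) findings.push({ host: url.hostname, field, where });
      }
    }
  }
  return findings;
}

console.log(auditHar(SAMPLE_HAR, "marketplace.example", CANARIES));
```

Values that a tracker hashes or otherwise transforms before sending will not match a plain substring search, so an empty result from this check does not by itself show that nothing was shared.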

What has changed

Washington, D.C. paused its rollout of the TikTok tracker, and Virginia removed the Meta tracker from its website after Bloomberg found it was sharing residents’ ZIP codes with the tech giant. The publication noted that more than seven million Americans purchased health insurance for this year through a state health insurance exchange. Bloomberg’s investigation shows that these pixel trackers can affect large swathes of the population when placed on government websites.

Bottom line

This incident underscores the need for stricter data governance in healthcare. If you are a resident of a state with a government-run health insurance marketplace, you may want to review your privacy settings and consider using ad-blockers or tracker-blocking browser extensions when accessing these sites. The exposure of citizenship status, racial identifiers, and incarceration history to ad tech firms creates risks of identity theft and discrimination that go beyond typical data breaches.
