The breaches at Community Health Systems and Anthem, Inc. serve as prime examples of how valuable health care data can be to cybercriminals, but a recent study suggested that these intrusions should not be the only cause for concern for consumers.
A study conducted by Timothy Libert, a doctoral student at the University of Pennsylvania's Annenberg School for Communication found that nine out of ten health-related websites expose information regarding visitors' health interests with third parties.
The websites included in the study, titled “Privacy Implications of Health Information Seeking on the Web,” are non-profit, educational, commercial, and government-run. Sites such as WebMD, send data to up to 34 separate domains, according to a video by Libert on the study.
Using a tool he created that tracks HTTP requests initiated with third-party advertisers and data brokers, Libert was able to analyze 80,000 health-related web pages.
According to his findings, 91 percent of the sites initiated requests to third-parties and 70 percent included data on specific “symptoms, treatment, or diseases.”
Those on the receiving end of the information included advertisers such as Google – which collected data from 78 percent of the pages, comScore (38 percent) and Facebook (31 percent), in addition to data brokers Experian and Acxiom.
The findings suggest that the privacy of users may be at risk seeing as this data can be sold by data brokers legally, which further increases spreads the personal information, thus increasing the risk of compromise.
Additionally, thanks to current marketing technology, consumers While the Federal Trade Commission has advocated legislation to regulate the use of tools that many marketers and data brokers use to collect and sell consumer data, there is currently little oversight.
“Personal health information – historically protected by Hippocratic Oath – has suddenly become the property of privacy corporations who may sell it to the highest bidder or accidentally misuse it to discriminate against the ill,” Libert said in a release by the university. “As health information seeking has moved online, the privacy of a doctor's office has been traded in for the silent intrusion of behavioral tracking.”