:

HEALTHCARE MARKETPLACES SHARED RACE DATA WITH AD TECH

INDUSTRY DESK2 MIN READ
MON, MAY 4, 2026

■ AI-SUMMARIZED FROM 2 SOURCES ▸ TIMELINE

Virginia and Washington D.C. have paused data collection after Bloomberg revealed their health insurance marketplaces were sharing sensitive citizen and race information with advertising technology companies.

Health insurance marketplaces in Virginia and Washington D.C. transmitted personal data including citizenship status and racial information to ad tech firms, according to a Bloomberg investigation. Both jurisdictions have now suspended the practice. The marketplaces collected this demographic data as part of their standard enrollment processes. Rather than keeping the information private, they shared it with third-party advertising networks and data brokers. This enabled ad tech companies to target users based on their protected characteristics. The data sharing raised significant privacy and discrimination concerns. Healthcare information combined with racial and citizenship data creates detailed profiles that advertisers could use to discriminate against vulnerable populations. Such practices potentially violate federal health privacy laws and state consumer protection regulations. Virginia's marketplace was particularly aggressive in sharing data with multiple ad platforms. Washington D.C.'s system showed similar patterns. Neither jurisdiction had publicly disclosed these data sharing arrangements to consumers prior to the investigation. Following Bloomberg's reporting, both marketplaces halted the collection and transmission of citizenship and race data to third parties. State officials indicated they would review their data practices and implement stronger privacy protections. The incident highlights broader concerns about how government health platforms handle sensitive personal information. While healthcare providers are subject to strict privacy regulations under HIPAA, less clarity exists around how data brokers and ad tech companies can use demographic information obtained through health marketplaces. Healthcare experts and privacy advocates have called for stronger federal guidelines requiring state and federal marketplaces to restrict data sharing. The issue affects millions of Americans who use health insurance marketplaces during annual enrollment periods. Other state health insurance marketplaces have not yet confirmed whether they engage in similar data sharing practices. Congressional scrutiny of the issue is expected.

■ SOURCES

TechCrunchHacker News

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

5H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

5H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

8H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

10H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.