:

STATE HEALTH SITES LEAK DATA TO BIG TECH

INDUSTRY DESK2 MIN READ
MON, MAY 4, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

State healthcare websites have been sharing sensitive personal information including location data, race, and immigration status with Meta, TikTok, and other major tech companies. Privacy experts say current laws fail to protect users.

Multiple state healthcare sites are transmitting personal data to large technology platforms, raising significant privacy concerns. The shared information includes location history, racial demographics, and immigration status—details typically considered sensitive health-related information. The data flows occur through tracking tools and analytics embedded on state health websites. These tools, commonly used for measuring web traffic and user behavior, often send information to third-party companies including Meta and TikTok. States affected include those running their own healthcare marketplaces and enrollment systems. The practice appears widespread but largely undisclosed to users accessing these sites for health insurance information and enrollment. Current Privacy Gaps Existing privacy regulations like HIPAA do not adequately cover these data-sharing practices. HIPAA protects health information held directly by healthcare providers and insurers, but does not extend to state websites or the third-party tracking tools they employ. State privacy laws vary significantly in scope and enforcement. Many states lack specific regulations governing how personal information can be shared with tech platforms, leaving gaps in protection even where privacy laws exist. Industry Practice The integration of tracking and analytics tools on government health sites reflects broader industry practice. Many public websites use similar tools to monitor user engagement and traffic patterns. However, the sensitivity of health-related data—combined with the involvement of major social media platforms with significant advertising capabilities—distinguishes this situation from standard website analytics. Path Forward The issue highlights growing tension between government digital services and data privacy. Privacy advocates are calling for stronger regulations to restrict data sharing from health websites and greater transparency about tracking practices on government platforms. Some proposals include requiring explicit user consent before data sharing, limiting what types of information can be transmitted to third parties, and extending privacy protections to government health websites specifically.

■ SOURCES

Bloomberg Tech

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

5H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

5H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

10H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.