:

STATE HEALTH SITES LEAK DATA TO BIG TECH

INDUSTRY DESK2 MIN READ
MON, MAY 4, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

State healthcare websites have been sharing sensitive personal information including location data, race, and immigration status with Meta, TikTok, and other major tech companies. Privacy experts say current laws fail to protect users.

Multiple state healthcare sites are transmitting personal data to large technology platforms, raising significant privacy concerns. The shared information includes location history, racial demographics, and immigration status—details typically considered sensitive health-related information. The data flows occur through tracking tools and analytics embedded on state health websites. These tools, commonly used for measuring web traffic and user behavior, often send information to third-party companies including Meta and TikTok. States affected include those running their own healthcare marketplaces and enrollment systems. The practice appears widespread but largely undisclosed to users accessing these sites for health insurance information and enrollment. Current Privacy Gaps Existing privacy regulations like HIPAA do not adequately cover these data-sharing practices. HIPAA protects health information held directly by healthcare providers and insurers, but does not extend to state websites or the third-party tracking tools they employ. State privacy laws vary significantly in scope and enforcement. Many states lack specific regulations governing how personal information can be shared with tech platforms, leaving gaps in protection even where privacy laws exist. Industry Practice The integration of tracking and analytics tools on government health sites reflects broader industry practice. Many public websites use similar tools to monitor user engagement and traffic patterns. However, the sensitivity of health-related data—combined with the involvement of major social media platforms with significant advertising capabilities—distinguishes this situation from standard website analytics. Path Forward The issue highlights growing tension between government digital services and data privacy. Privacy advocates are calling for stronger regulations to restrict data sharing from health websites and greater transparency about tracking practices on government platforms. Some proposals include requiring explicit user consent before data sharing, limiting what types of information can be transmitted to third parties, and extending privacy protections to government health websites specifically.

■ SOURCES

Bloomberg Tech

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Grok CLI experienced a critical bug that caused it to upload entire home directories to Google Cloud Storage. The issue sparked significant discussion in the developer community about data handling practices.

JUST NOWIndustry Desk

Aylo, Pornhub's parent company, will restore access to the site in the UK through Apple's device-level age verification system in iOS 26.4. The move requires users to complete age verification before accessing the platform.

1H AGOIndustry Desk

Australia's eSafety Commissioner has identified significant gaps in how major tech platforms address online sexual extortion. Young men are reporting sextortion at higher rates than any other demographic, with over 2,000 complaints filed in just six months.

1H AGOIndustry Desk

Angelo Martino, a ransomware negotiator, was sentenced to 70 months in prison for colluding with attackers to defraud victims. Martino helped orchestrate scams that extracted over $75 million from ransomware victims.

1H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.