HealthCare.gov is sharing patient data with marketers

HealthCare.gov’s camaraderie with Marketers Revealed – Apparently the US federal Website has been sharing Patient Data with Marketers.

The United States’ federal website HealthCare.gov reportedly has been leaking the personal data of its consumers to advertising and marketing purveyors. This website is responsible for making registrations and selecting consumers for health insurance under the Affordable Care Act.

The News:

The issue was exposed by the Associated Press, according to which, connections to approximately dozens of third-party online advertising and tech companies has already been confirmed. These companies are collecting different sorts of information such as age, salary, ZIP code and details about consumers’ health like if someone smokes or not and/or is a woman pregnant. Furthermore, the data gathered also include IP addresses, which may be used to retrieve an individual’s brick-and-mortar username or address after cross-referencing with cookies.

healthcare-gov-is-sharing-patient-data-with-marketers

According to Sens. Orrin Hatch, R-Utah, and Charles Grassley, R-Iowa, “This new information is extremely concerning, not only because it violates the privacy of millions of Americans, but because it may potentially compromise their security.”

Obama’s Version:

Obama administration, on the other hand, has denied any such occurrence and maintains that no mishandling or selling of consumers’ data to the marketers has happened. Obama administration’s spokesperson, Aaron Albright states that the data is being collected just for the sake of customer service analysis and to further improve the users experience at HealthCare.gov.

While talking to AP, Albright explained that “they are prohibited from using information from these tools on HealthCare.gov for their companies’ purposes.” The data is only gathered by the government to measure the overall performance of their website HealthCare.gov just so users receive “a simpler, more streamlined and intuitive experience.”

Time to Tighten up User Data Security:

Even if Albright’s version is true, it would be wise to use advanced measures like encryption to de-identify all sorts of sensitive data, suggests Voltage Security’s chief security architect Luther Martin. If this is done, then this data will serve as a goldmine for hackers considering the type of usable information it contains.

Martin says, “Once the sensitive information is encrypted, it’s of no value to hackers: even if they somehow manage to get their hands on it, it’s useless gibberish to them. This can be the difference between a hacker getting information like ‘parent=&pregnant=1’ and getting information like ‘nebrneeanepevayspn.’ One leaks sensitive information, while the other does not.”


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.