US Healthcare Marketplaces Leaked Citizenship and Race Data to Ad Tech Giants

A new investigation by Bloomberg has uncovered a sweeping privacy breach: almost all of the 20 U.S. state-run health insurance marketplaces transmitted residents’ citizenship and race data to advertising technology giants, including Google, LinkedIn, Meta, and Snap. The report highlights how pixel-sized trackers, common tools for web analytics, were misconfigured on sensitive government websites, exposing personal health application details to third-party platforms.

How Pixel Trackers Exposed Citizenship and Race Data

These tiny trackers, often invisible to users, are designed to help website owners understand visitor behavior and fix bugs. However, when placed on pages containing sensitive information—such as healthcare applications—they can inadvertently collect and share personal data. According to Bloomberg, New York’s health insurance exchange shared information about applicants’ incarcerated family members with several tech companies. Meanwhile, Washington, D.C.’s exchange asked residents about their sex and race, and TikTok’s pixel tracker attempted to redact some of this data but failed to mask all racial identifiers.

Washington, D.C. and Virginia Respond

After Bloomberg’s findings, Washington, D.C. paused its rollout of the TikTok tracker. Virginia went a step further by removing Meta’s tracker from its website after discovering it was sharing residents’ ZIP codes with the social media giant. A spokesperson for the D.C. exchange confirmed that email addresses, phone numbers, and country identifiers were also transmitted to TikTok.

This Is Not a New Problem in Healthcare Data Privacy

Unfortunately, this is not an isolated incident. Similar issues have plagued telehealth startups and large healthcare organizations for years. Several companies have had to notify millions of patients that their health information was inadvertently collected and shared with ad tech firms, whose business models depend on monetizing consumer data. However, Bloomberg’s investigation underscores a new dimension: when these trackers appear on government-run marketplaces, the potential impact is massive. More than seven million Americans purchased health insurance through state exchanges this year alone.

What This Means for Consumers and Policymakers

For individuals, this breach of citizenship and race data raises serious questions about trust in government digital services. If your personal health application details—including sensitive demographic information—can be sent to advertising platforms without your knowledge, the very concept of privacy in healthcare is undermined. Policymakers must now grapple with enforcing stricter regulations on pixel trackers, especially on sites handling protected health information. Learn more about protecting your healthcare data online.

Steps to Protect Your Information

While the responsibility largely falls on institutions, consumers can take some precautions. Use privacy-focused browser extensions that block trackers, review the privacy policies of healthcare websites, and consider using virtual private networks (VPNs) when accessing sensitive portals. Additionally, check if your personal data has been exposed in recent breaches. For a deeper dive into how ad tech companies handle user data, read our explainer on ad tech data collection practices.

In conclusion, the Bloomberg investigation serves as a stark reminder that even government-run platforms are vulnerable to privacy lapses. As more Americans rely on state insurance exchanges, ensuring the security of citizenship and race data must become a top priority for regulators and tech companies alike.