Washington, Virginia and New Mexico health sites remove ad trackers
Updated
Updated · Bloomberg · May 4
Washington, Virginia and New Mexico health sites remove ad trackers
4 articles · Updated · Bloomberg · May 4
Bloomberg found nearly all 20 state-run exchanges and Washington, DC shared data; more than 7 million Americans bought 2026 coverage through them.
Data sent to Meta, TikTok, Google, LinkedIn and Snap included race, sex, citizenship, ZIP codes and visits to pages about incarceration, Medicaid, DACA recipients and zero-dollar income.
No federal privacy law covers these exchanges, while Healthcare.gov and California do not use such trackers; experts say patchy state rules and weak filtering leave sensitive health-related browsing exposed.
Your state health exchange shared your data with TikTok. Can public services exist online without commercial surveillance?
Your race and health concerns were sent to advertisers. How can you reclaim control over your digital identity?
HIPAA doesn't protect your insurance application data. Is a new federal privacy law the only real solution?
The Hidden Health Data Crisis: Unauthorized Sharing of Patient Information on State Insurance Websites
Overview
Between 2023 and 2025, multiple state health exchanges and healthcare organizations embedded advertising trackers on their websites, causing sensitive health information—such as prescriptions, disabilities, and pregnancy status—to be shared with major tech companies like Google, LinkedIn, and Snapchat. Investigations by media outlets revealed these privacy breaches, prompting implicated states to remove trackers and triggering legal challenges, especially in California. These disclosures exposed individuals to risks like discrimination and identity theft, leading to increased regulatory enforcement by agencies like HHS and the FTC. In response, states like Washington enacted stronger privacy laws, while experts call for comprehensive federal legislation and better transparency to protect health data in the digital age.