Health Insurance Sites Shared Your Race and Citizenship With Advertisers

What Happened

State health insurance marketplaces in Virginia and Washington, D.C. were caught sharing highly sensitive personal information with advertising networks. These websites sent users' citizenship status and racial information directly to ad tech companies through hidden tracking pixels. This wasn't a hack or data breach. It was built into how these government websites operated.

The Details

When you visit a website to shop for health insurance, you expect that information to stay private. These state-run health marketplaces asked users to provide citizenship status and racial information as part of the enrollment process. But behind the scenes, tiny pieces of code called tracking pixels were sending that data to advertising companies.

These pixels work invisibly. You fill out a form on the health insurance website. The moment you click or move to the next page, the pixel fires off your information to third-party advertisers. These companies then build detailed profiles about you, which can be used for targeted advertising or sold to other data brokers.

This isn't just about seeing more ads. Citizenship and race data are extraordinarily sensitive. In the wrong hands, this information could be used for discrimination in housing, employment, or lending. It could also be exploited by scammers who use personal details to make their schemes more convincing.

Who Is Affected

Anyone who visited the Virginia or D.C. health insurance marketplace websites is potentially affected. This includes people who were simply browsing for information, not just those who completed enrollment.

Families who shopped for coverage during open enrollment periods are particularly at risk. If you entered information for multiple family members, including children, their data may have been shared as well. Immigrants and people of color face heightened risk because citizenship and race data can be weaponized for targeting or discrimination.

What You Should Do Right Now

1. Check if you used these marketplaces. Review your browsing history or email confirmations from Virginia's or D.C.'s health insurance websites from the past few years.

The Bigger Picture

This incident reveals a troubling truth about how government websites handle our data. Even organizations we're required to trust can fail to protect our privacy. The tracking pixel economy operates largely in the shadows, collecting data most people don't know they're sharing. As more of our lives move online, including essential services like healthcare enrollment, understanding where our data goes becomes a survival skill for families.

How GetCyberRight Can Help

Our GCR Data Shield tool is designed exactly for situations like this. It monitors where your personal information has been shared across advertising networks and data brokers. More importantly, it helps you submit removal requests to get your data deleted from these systems. Think of it as a watchdog that works 24/7 to track down your information and help you take it back. With health data now circulating in advertising networks, tools like Data Shield aren't optional anymore. They're essential protection for your family's privacy.