Health Marketplaces Were Sharing Your Personal Data with Advertisers

What Happened

Healthcare marketplaces in Virginia and Washington, D.C. were quietly sharing sensitive user information with advertising technology companies. Bloomberg News uncovered that these government-run health insurance websites transmitted data including citizenship status and race information to ad tech firms. The practice stopped only after journalists exposed it publicly.

The Details

When people visited these health marketplace websites to shop for insurance coverage, tracking code embedded in the sites captured their personal information. This wasn't just basic browsing data. The systems collected and transmitted sensitive details that many families assumed would remain private on government health websites.

The data sharing happened through common advertising and analytics tools that many websites use. These tools help site owners understand visitor behavior and target ads. However, when placed on healthcare sites handling applications for insurance coverage, they accessed information people provide specifically for health and government purposes.

Most families had no idea this sharing was happening. There were no clear disclosures or consent requests before their citizenship status and racial information went to third-party advertising companies. The marketplaces likely didn't intend harm, but the privacy gap was real and significant.

Who Is Affected

Anyone who visited or created accounts on the Virginia or D.C. health insurance marketplaces is potentially affected. This includes families shopping for coverage, people checking eligibility, and individuals updating their insurance information during open enrollment periods.

This matters especially for immigrant families, people of color, and anyone concerned about how their sensitive demographic information gets used. Citizenship and race data in the wrong hands could enable discriminatory targeting or be combined with other data to build invasive profiles.

What You Should Do Right Now

1. Review your healthcare marketplace account settings if you used Virginia or D.C. sites. Log in and check what privacy options are available under account preferences or settings.

The Bigger Picture

This incident reveals how deeply advertising technology has penetrated even spaces we expect to be private. Government websites handling sensitive personal information should maintain the highest privacy standards. When they don't, it erodes trust and puts families at risk. Staying informed about these breaches helps you protect your information and demand better practices from the institutions that collect your data.

How GetCyberRight Can Help

Our Identity Theft Prevention Checklist walks you through managing privacy settings across government portals, healthcare sites, and other sensitive platforms. It provides step-by-step guidance on preventing unauthorized data sharing and protecting your family's personal information. The checklist helps you take control of who sees your data and how it gets used, so you're not left vulnerable to practices like those discovered in Virginia and D.C.