Is your health data safe online? What a recent privacy probe could mean for you
- Replies 0
In today’s digital world, managing your health often starts with a few clicks.
Whether it’s checking your coverage, renewing your plan, or refilling a prescription, online health portals have become an essential part of everyday life—especially for older adults who rely on Medicare or marketplace plans for vital care.
We trust these platforms to keep our personal information safe.
But what happens when that trust is broken?
A recent investigation has raised serious warning signs in California, where a nonprofit newsroom discovered that Covered California—the state’s official health insurance marketplace—may have unintentionally shared sensitive user data with LinkedIn, the professional networking site owned by Microsoft.
The findings suggest that private details, including pieces of Social Security numbers and information related to medical history, may have been transmitted through website tracking tools meant for marketing—not medical privacy.
According to the nonprofit newsroom The Markup, the data sharing occurred through "tracking tags" embedded in the Covered California website.
These tags were meant to help with marketing and analytics, but they also captured and transmitted deeply personal information, including:
All of this data may have been sent to LinkedIn via a tool called the Insight Tag, which, according to LinkedIn’s own policies, should never be placed on websites that collect sensitive personal information.
Covered California has called the data sharing "inadvertent."
The tracking tags were added as part of a campaign to better understand how visitors use the website.
The issue appears to have slipped through the cracks during a transition between marketing agencies earlier this year.
While most government websites use only a few trackers, Covered California reportedly had more than 60.
That’s significantly more than average—and enough to raise serious privacy concerns.
Online health portals are a lifeline for millions of Americans, especially those navigating public insurance programs like Medicare and the Affordable Care Act.
Americans share a lot of personal information through these systems—everything from Social Security numbers to medical history.
When that data is mishandled, the consequences can be serious:
Source: YouTube / Action News Now.
California Representative Kevin Kiley has formally called for a federal investigation into the matter.
In a letter to the Department of Health and Human Services (HHS), Kiley questioned whether Covered California’s actions violated the Health Insurance Portability and Accountability Act (HIPAA).
“Every American should have confidence that their personal health information is private,” Kiley wrote.
So far, HHS has not issued a public response.
Source: X / @KevinKileyCA.
In response to the incident, Covered California says it has:
The agency issued a public statement reaffirming its commitment to consumer privacy.
"Covered California is reviewing its entire website and information security and privacy protocols to ensure that no analytics tools are impermissibly collecting or sharing sensitive consumer information."
"Covered California is committed to safeguarding the confidential information and privacy of its consumers. The organization will share additional findings from this investigation as they become available."
If you’ve used Covered California or similar health insurance websites, here are a few steps to take:
This situation raises a larger issue—how much privacy are we giving up in exchange for the convenience of online tools?
As health services become more digital, the need for stronger safeguards becomes even more urgent.
Read next: Is your medical data safe? Millions may be at risk after major hospital cyberattack
Have you ever had a health data scare or found something suspicious on your insurance portal? Do you trust online health services with your information? Share your experience in the comments—your story might help someone else stay informed and protected.
Whether it’s checking your coverage, renewing your plan, or refilling a prescription, online health portals have become an essential part of everyday life—especially for older adults who rely on Medicare or marketplace plans for vital care.
We trust these platforms to keep our personal information safe.
But what happens when that trust is broken?
A recent investigation has raised serious warning signs in California, where a nonprofit newsroom discovered that Covered California—the state’s official health insurance marketplace—may have unintentionally shared sensitive user data with LinkedIn, the professional networking site owned by Microsoft.
The findings suggest that private details, including pieces of Social Security numbers and information related to medical history, may have been transmitted through website tracking tools meant for marketing—not medical privacy.
A recent investigation has sparked concern over how health data is handled on government websites—raising new questions about privacy and digital safety. Image Source: YouTube / Action News Now.
What happened?
According to the nonprofit newsroom The Markup, the data sharing occurred through "tracking tags" embedded in the Covered California website.
These tags were meant to help with marketing and analytics, but they also captured and transmitted deeply personal information, including:
- First names
- The last four digits of Social Security numbers
- Pregnancy status
- Other sensitive health information
All of this data may have been sent to LinkedIn via a tool called the Insight Tag, which, according to LinkedIn’s own policies, should never be placed on websites that collect sensitive personal information.
Also read: Heads up! This retail giant is sending out checks after major breach
Was this intentional?
Covered California has called the data sharing "inadvertent."
The tracking tags were added as part of a campaign to better understand how visitors use the website.
The issue appears to have slipped through the cracks during a transition between marketing agencies earlier this year.
While most government websites use only a few trackers, Covered California reportedly had more than 60.
That’s significantly more than average—and enough to raise serious privacy concerns.
Also read: Which messaging app won’t blow your cover? Expert weighs in after Trump team leak
Why it matters
Online health portals are a lifeline for millions of Americans, especially those navigating public insurance programs like Medicare and the Affordable Care Act.
Americans share a lot of personal information through these systems—everything from Social Security numbers to medical history.
When that data is mishandled, the consequences can be serious:
- Identity theft: Even partial Social Security numbers can be misused.
- Discrimination: Personal health data could be used by insurers, employers, or marketers in harmful ways.
- Loss of privacy: Once your information is shared or leaked, it's nearly impossible to fully retrieve or erase it.
Source: YouTube / Action News Now.
Also read: Food delivery service hit by data breach—is your personal information safe?
What lawmakers are saying
California Representative Kevin Kiley has formally called for a federal investigation into the matter.
In a letter to the Department of Health and Human Services (HHS), Kiley questioned whether Covered California’s actions violated the Health Insurance Portability and Accountability Act (HIPAA).
“Every American should have confidence that their personal health information is private,” Kiley wrote.
So far, HHS has not issued a public response.
Source: X / @KevinKileyCA.
Also read: Is your health harmed? Find out if you’re one of the million affected by the latest massive data breach!
What Covered California is doing now
In response to the incident, Covered California says it has:
- Disabled all advertising-related tracking tools
- Launched a full internal review of its website and privacy policies
- Promised to release additional findings as the investigation continues
The agency issued a public statement reaffirming its commitment to consumer privacy.
"Covered California is reviewing its entire website and information security and privacy protocols to ensure that no analytics tools are impermissibly collecting or sharing sensitive consumer information."
"Covered California is committed to safeguarding the confidential information and privacy of its consumers. The organization will share additional findings from this investigation as they become available."
Also read: 800,000 hit by major data breach: Is your personal information safe?
How you can protect yourself
If you’ve used Covered California or similar health insurance websites, here are a few steps to take:
- Monitor your accounts: Watch for suspicious activity or errors in your health insurance, financial accounts, or credit reports.
- Consider freezing your credit: This helps prevent new accounts from being opened in your name.
- Use secure websites only: Look for “https” in the web address and avoid entering sensitive data on suspicious-looking sites.
- Read privacy policies: Review how sites you use store and share your data.
- Ask questions: Contact your health insurance provider directly and ask what measures they take to protect your data.
This situation raises a larger issue—how much privacy are we giving up in exchange for the convenience of online tools?
As health services become more digital, the need for stronger safeguards becomes even more urgent.
Read next: Is your medical data safe? Millions may be at risk after major hospital cyberattack
Have you ever had a health data scare or found something suspicious on your insurance portal? Do you trust online health services with your information? Share your experience in the comments—your story might help someone else stay informed and protected.
