Bloomberg Exclusive: Feroot Reveals Private Health Data Still Being Exposed to Big Tech.

17 October 2023

A recent investigation article by Bloomberg News, instigated by Feroot Security’s report,  has brought to light a disconcerting reality: our most sensitive health information might be exposed to the prying eyes of Big Tech, despite supposed safeguards. This revelation, based on a report by cybersecurity firm Feroot Security, exposes a disturbing breach of trust and privacy.

Feroot Security’s comprehensive analysis of hundreds of health-care and telehealth websites has uncovered that a staggering 86% of these sites are transferring data without user consent. Even more alarming is the finding that over 73% of login and registration pages, where our most confidential health data is entered, are infested with trackers. These digital watchdogs are not just passive observers; about 15% are actively collecting keystrokes, potentially capturing everything from Social Security numbers to medical diagnoses.

The culprits behind these tracking technologies are familiar names: Google, Microsoft, Meta Platforms Inc., and ByteDance, the parent company of TikTok. These trackers embed themselves into websites, quietly collecting data on user interactions, which is then utilized for analytics, marketing, and potentially more intrusive purposes.

This widespread data collection could signify a blatant violation of the Health Insurance Portability and Accountability Act (HIPAA), which protects sensitive patient health information from being disclosed without the patient’s consent or knowledge. If personal health information is indeed being harvested through these trackers, the implications are profound, suggesting a systemic failure to protect patient privacy.

In response to these allegations, representatives from Facebook, Google, and Microsoft have denied the misuse of their tracking technologies for collecting sensitive information. They assert that the onus is on site owners to ensure informed user consent and adherence to privacy regulations, including HIPAA. However, the real-world application of these policies, as Feroot CEO Ivan Tsarynny points out, paints a different picture.

The implications of this report are far-reaching, not only for individuals whose privacy may have been compromised but also for the healthcare providers and tech companies involved. The latter are now under scrutiny for their role in this privacy breach, raising questions about the effectiveness of their policies and the mechanisms in place to enforce them.

This investigation serves as a critical reminder of the ongoing challenges in safeguarding personal health information in the digital age. It underscores the need for stringent privacy protections, transparent data practices, and a collective effort from all stakeholders to uphold the sanctity of our personal health data. As we navigate through the complexities of digital health, let this report be a catalyst for change, prompting a reevaluation of how we protect and prioritize patient privacy in an increasingly connected world.