Health Data Tracked And Used For Facebook Ads

Patterns has published a peer-reviewed study on how data from health-related digital tools is tracked and used on Facebook for ad purposes. The following digital health tools used third-party ad trackers to follow patients online and market to them based on their activity:

  • Color Genomics
  • Myriad Genetics
  • Invitae
  • Health Union
  • Ciitizen

Yaric Shivek, VP of Product for Neosec, had this comment:

     “There is always a balance between the requirement to market a product to prospects and the security of personal data. And in certain industries, like finance and healthcare, this balance is governed by compliance, and the requirement to protect personal data is paramount. Ad tracking is where this balance is problematic. Most of us wouldn’t install a piece of adware on our laptop, and yet it seems that ad trackers are installed on sensitive healthcare websites, giving advertisers visibility into our transactions on these websites. This seems to circumvent HIPAA compliance. You’d hope that security permissions are more orderly in the world of APIs, but while electronic health records (EHR) companies take protecting your sensitive healthcare data seriously, this data is often being insecurely disseminated by 3rd-party aggregators and apps, whose vulnerable APIs can be easily exploited. This connected world of APIs and apps is only as strong as the weakest link. What good is a bank safe, if your courier gets robbed the minute they walk out of the bank with your cash?”

Chris Olson, CEO of The Media Trust, adds this comment:

     “Data privacy violations are one of many risks associated with unsupervised third-party code like ad trackers, content recommendation algorithms, shopping cart plugins, and more. Today, up to 90% of the code across consumer-facing websites is provided by third parties – even privacy-conscious companies are often unaware of their activities which can lead to data breaches, phishing attacks and worse.

     Complacency is no longer an option – in the face of emerging data privacy legislation and rising cyber risk, organizations need to commit to the digital safety of their customers by taking control of their online domains and carefully vetting third-party vendors for risky activity. This is especially true for companies that collect sensitive and personally identifiable information (PII) like health data.”

Somehow I am not shocked that Facebook is in the middle of this, as you are the product when you use Facebook. And it proves that more needs to be done to rein in Facebook’s activities so that everyone’s privacy is protected.
