Health data leaks to third parties in web-based health services




Rauti, Sampsa; Carlsson, Robin; Laato, Samuli; Heino, Timi; Puhtila, Panu; Leppänen, Ville

Kasurinen, Jussi; Päivärinta, Tero; Vartiainen, Tero

Annual Doctoral Symposium of Computer Science

PublisherCEUR-WS

2024

CEUR Workshop Proceedings

TKTP 2024: Annual Doctoral Symposium for Computer Science 2024: Proceedings of the 41 st Doctoral Symposium of the Finnish Society for Computer Science

CEUR Workshop Proceedings

3776

117

121

1613-0073

https://ceur-ws.org/Vol-3776/shortpaper10.pdf(external)

https://research.utu.fi/converis/portal/detail/Publication/458969247(external)



Today, users may share sensitive health data on web-based health services. We rely on these services to keep our data safe and secured, but this is not always the case. Therefore, this study investigates the privacy of a snapshot of 10 Finnish web-based health services, providing an analysis of health data leaks. We show that all analyzed services leaked at least some kind of personal data to third parties – from topics of visited pages to details on appointment bookings. While the situation has improved after we have notified the health service providers about this issue, the study serves as a reminder of the ongoing challenges in protecting user privacy in online health services and highlights the pressing need to address these issues.


This research has been funded by Academy of Finland project 327397, IDA – Intimacy in Data-Driven Culture


Last updated on 2025-27-01 at 19:50