Health data leaks to third parties in web-based health services

: Rauti, Sampsa; Carlsson, Robin; Laato, Samuli; Heino, Timi; Puhtila, Panu; Leppänen, Ville

: Kasurinen, Jussi; Päivärinta, Tero; Vartiainen, Tero

: Annual Doctoral Symposium of Computer Science

Publisher: CEUR-WS

: 2024

: CEUR Workshop Proceedings

: TKTP 2024: Annual Doctoral Symposium for Computer Science 2024: Proceedings of the 41 st Doctoral Symposium of the Finnish Society for Computer Science

: CEUR Workshop Proceedings

: 3776

: 117

: 121

: 1613-0073

: https://ceur-ws.org/Vol-3776/shortpaper10.pdf(external)

: https://research.utu.fi/converis/portal/detail/Publication/458969247(external)

Today, users may share sensitive health data on web-based health services. We rely on these services to keep our data safe and secured, but this is not always the case. Therefore, this study investigates the privacy of a snapshot of 10 Finnish web-based health services, providing an analysis of health data leaks. We show that all analyzed services leaked at least some kind of personal data to third parties – from topics of visited pages to details on appointment bookings. While the situation has improved after we have notified the health service providers about this issue, the study serves as a reminder of the ongoing challenges in protecting user privacy in online health services and highlights the pressing need to address these issues.

shortpaper10.pdf

:
This research has been funded by Academy of Finland project 327397, IDA – Intimacy in Data-Driven Culture