The internet has become a primary source of health information for many people. For example, the websites of many medical condition support associations, meant for people suffering from various medical conditions, contain information on different medical conditions, treatments, and general health advice. However, accessing such information can be a serious privacy threat for the end user. In this article, we study the privacy of the websites of 18 Finnish medical condition support associations. The websites were analyzed to find leakages of sensitive personal data to third parties. Our investigation concludes that 88.9% of the websites leaked potentially sensitive personal data to third parties, usually private corporations offering web analytics tools such as Google Analytics. Furthermore, we discovered that users are not adequately informed about these data processing activities. We suggest several measures to alleviate third-party data leaks on websites handling sensitive personal data.