Analyzing Third-Party Data Leaks on EU Healthcare Websites

Abstract

<p>In the present-day web-based health services, users often reveal sensitive data concerning their health status. Specifically, this is often the case when using the search function in various online services. Users trust that their data stays confidential and private when using websites. However, at the same time, many online health services use third-party web analytics and other third-party services and libraries, which may put users’ sensitive data in jeopardy. In this study, we analyze 480 web-based health services in the EU area. We conduct a network traffic analysis of the data sent out to third-party services when using the studied health websites and provide an analysis of data leaks. We found that 60.2% of the studied websites leaked URLs without consent from the user. Moreover, 58.9% of the websites that had search functionality leaked search terms to third parties. Our study also highlights some regional disparities in website privacy. Our findings are a stark reminder of the current challenges in protecting users’ personal data in online health services. They highlight the urgent need for web developers and health website maintainers to reassess the used third-party services and fix the privacy issues.<br></p>