Your health information might feel private and secure with your doctor, but the reality is far more complicated. Data brokers collect a wide range of sensitive health data, from diagnoses and prescription details to personal identifiers, and sell this data to marketers, insurers, and other third parties. These buyers use the information to target ads, adjust insurance premiums, or even for purposes you might not expect. Understanding who holds your health data and how it’s used and shared is crucial to protecting your privacy.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join.

Massive health data breaches are fueling the data broker industry

You might think your health data is safe with your doctor. But what if I told you total strangers might know when you last Googled “early signs of dementia” or filled a prescription for anxiety meds, and they’re selling that to whoever is willing to pay for it? A recent data breach at Yale New Haven Health, Connecticut’s largest healthcare system, exposed sensitive information on 5.5 million people. And it’s not an isolated incident; new research shows that since 2020, approximately 94.5 million Americans may have had their Social Security numbers stolen during health data breaches. The scary part is that data brokers collect and sell the names, addresses, and prescribed medications of patients diagnosed with mental health disorders to marketers on a large scale. How much is your medical information worth? Data brokers can sell it for as little as $0.06 per record. Let’s break down what these data brokers know, who they’re selling it to, and why it matters for you, your family, and especially vulnerable groups like seniors.

CUSTOM DATA REMOVAL: WHY IT MATTERS FOR PERSONAL INFO ONLINE

What types of health information are data brokers selling?

There’s a difference between protected health information, the kind your doctor and health insurer have to keep private, thanks to HIPAA, and the health-adjacent data you leave behind everywhere else.

Data brokers typically don’t have access to your official medical records. But they’re not regulated under HIPAA or any other laws, so they can legally collect:

• Fitness app data: Step counts, heart rate, calories burned.
• Symptom-related Google searches: Even “early signs of dementia” or “knee pain at night.”
• Pharmacy purchases: Both prescriptions and over-the-counter medications.
• Wellness quizzes and online forms: Those “What’s your biological age?” surveys aren’t just for fun.
• Social media posts and likes: Public posts about health topics, comments in support groups.
• Location data: Visits to clinics, pharmacies, or addiction recovery centers.

And it doesn’t stop there. Non-health data, like where you shop or the ads you click, gets combined to build a disturbingly accurate health profile.

WHAT HACKERS CAN LEARN ABOUT YOU FROM A DATA BROKER FILE 

Why selling your health data is more dangerous than you think

This isn’t harmless marketing data. When health information lands in the wrong hands, it creates real risks:

• Higher insurance premiums or limited coverage based on inferred health risks.
• Scams targeting seniors and vulnerable groups use lists of people flagged for dementia, heart disease, or other conditions.
• Privacy violations, exposing sensitive details like mental health struggles or fertility treatments.
• Discrimination in hiring, housing, or services based on health-related data.
• Resale to unknown third parties, making it impossible to control once it’s out there.

And it’s not just marketers. A recent government-backed autism study led by Robert F. Kennedy Jr. sparked outrage after it was revealed that private health data was collected from federal and commercial databases without clear safeguards.  Security experts warn that this kind of large-scale data collection runs the risk of exposing deeply personal information with little oversight.

THINK YOU CAN DELETE YOUR OWN DATA? WHY IT’S HARDER THAN YOU THINK 

8 ways to protect your health data from data brokers

Worried about who has access to your health data? While you can’t control every breach or broker, you can take steps to limit what’s collected, shared, and sold. Here’s how to take back control of your digital health footprint-starting today.

1) Use a personal data removal service: Data brokers collect and sell sensitive health information, including diagnoses, prescriptions, and personal identifiers, to marketers, insurers, and other third parties. This means details about your pharmacy purchases, symptom-related searches, and more could be circulating without your knowledge. A personal data removal service can help you take back control. This is one of the most effective ways to safeguard your privacy and protect yourself and your family from risks like scams, higher insurance premiums, and discrimination.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice.  They aren’t cheap – and neither is your privacy.  These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites.  It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.  By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.

Get a free scan to find out if your personal information is already out on the web

2) Audit your apps and privacy settings: Health and fitness apps collect more than you realize. Delete the ones you don’t trust and check permissions on the rest

3) Be wary of free health quizzes and symptom checkers: If a site asks for personal details in exchange for “insights,” assume it’s monetizing your answers. Consult your doctor, not a clickbait quiz.

4) Limit data sharing beyond healthcare providers: Only provide necessary information when signing up for health-related services or apps. Be wary of sharing health details on social media or in public forums, as these can be scraped by data brokers.

5) Request data minimization from providers: Ask your healthcare providers to collect and store only the minimum amount of personal information necessary for your care, reducing the risk if their systems are compromised.

6) Use strong antivirus software: Strong antivirus software acts as a shield, protecting your devices from malware, ransomware, and other cyber threats that could compromise your personal health data. Choose a reputable solution that offers real-time threat detection, regular updates, and robust protection for all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Keeping your antivirus up to date is crucial for blocking malicious links and downloads before they can do harm. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices.

7) Regularly update your software: Cyber threats targeting health data are constantly evolving, and outdated software can leave your devices vulnerable to attacks that expose your sensitive information. Keeping your operating system, apps, antivirus, and security tools up to date ensures you have the latest protections against malware, ransomware, and other exploits that data brokers or hackers might use to access your health information. Regular updates patch security holes before they can be exploited, helping to prevent breaches like those that have exposed millions of Americans’ health details in recent years.

8) Use strong and unique passwords: Your health data is often protected by passwords on apps, portals, and devices. Using strong, unique passwords for each account reduces the risk that a single breach could give someone access to multiple sources of your personal information. Avoid common or reused passwords, and consider using a password manager to generate and store complex passwords securely. This step is crucial because once your login credentials are compromised, data brokers or cybercriminals can gather and sell your health-related data, leading to privacy violations, discrimination, or targeted scams. Consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed Password Managers of 2025 here. 

Kurt’s key takeaways

Your health should be personal, but in today’s digital world, that privacy is constantly under threat. Even if you’re cautious, your health-related information can be collected, analyzed, and sold without your clear consent. The good news is that you can take real steps to reduce your exposure and protect what matters. This isn’t about fear; it’s about staying informed and taking control of your digital footprint.

Should lawmakers and tech companies be doing more to protect our health data, or is it all on us to safeguard our own privacy? Let us know by writing to us at Cyberguy.com/Contact. 

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.