Your health information might feel private and secure with your doctor, but the reality is far more complicated. Data brokers collect a wide range of sensitive health data, from diagnoses and prescription details to personal identifiers, and sell this data to marketers, insurers, and other third parties. These buyers use the information to target ads, adjust insurance premiums, or even for purposes you might not expect. Understanding who holds your health data and how it’s used and shared is crucial to protecting your privacy.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join.

Massive health data breaches are fueling the data broker industry

You might think your health data is safe with your doctor. But what if I told you total strangers might know when you last Googled “early signs of dementia” or filled a prescription for anxiety meds, and they’re selling that to whoever is willing to pay for it? A recent data breach at Yale New Haven Health, Connecticut’s largest healthcare system, exposed sensitive information on 5.5 million people. And it’s not an isolated incident; new research shows that since 2020, approximately 94.5 million Americans may have had their Social Security numbers stolen during health data breaches. The scary part is that data brokers collect and sell the names, addresses, and prescribed medications of patients diagnosed with mental health disorders to marketers on a large scale. How much is your medical information worth? Data brokers can sell it for as little as $0.06 per record. Let’s break down what these data brokers know, who they’re selling it to, and why it matters for you, your family, and especially vulnerable groups like seniors.

Illustration of a medical record. (Kurt “CyberGuy” Knutsson)

CUSTOM DATA REMOVAL: WHY IT MATTERS FOR PERSONAL INFO ONLINE

What types of health information are data brokers selling?

There’s a difference between protected health information, the kind your doctor and health insurer have to keep private, thanks to HIPAA, and the health-adjacent data you leave behind everywhere else.

Data brokers typically don’t have access to your official medical records. But they’re not regulated under HIPAA or any other laws, so they can legally collect:

• Fitness app data: Step counts, heart rate, calories burned.
• Symptom-related Google searches: Even “early signs of dementia” or “knee pain at night.”
• Pharmacy purchases: Both prescriptions and over-the-counter medications.
• Wellness quizzes and online forms: Those “What’s your biological age?” surveys aren’t just for fun.
• Social media posts and likes: Public posts about health topics, comments in support groups.
• Location data: Visits to clinics, pharmacies, or addiction recovery centers.

And it doesn’t stop there. Non-health data, like where you shop or the ads you click, gets combined to build a disturbingly accurate health profile.

A woman using a health app to keep track of pills (Kurt “CyberGuy” Knutsson)

WHAT HACKERS CAN LEARN ABOUT YOU FROM A DATA BROKER FILE 

Why selling your health data is more dangerous than you think

This isn’t harmless marketing data. When health information lands in the wrong hands, it creates real risks:

• Higher insurance premiums or limited coverage based on inferred health risks.
• Scams targeting seniors and vulnerable groups use lists of people flagged for dementia, heart disease, or other conditions.
• Privacy violations, exposing sensitive details like mental health struggles or fertility treatments.
• Discrimination in hiring, housing, or services based on health-related data.
• Resale to unknown third parties, making it impossible to control once it’s out there.

And it’s not just marketers. A recent government-backed autism study led by Robert F. Kennedy Jr. sparked outrage after it was revealed that private health data was collected from federal and commercial databases without clear safeguards.  Security experts warn that this kind of large-scale data collection runs the risk of exposing deeply personal information with little oversight.

A healthcare professional looking at health data on a tablet. (Kurt “CyberGuy” Knutsson)

THINK YOU CAN DELETE YOUR OWN DATA? WHY IT’S HARDER THAN YOU THINK 

8 ways to protect your health data from data brokers

Worried about who has access to your health data? While you can’t control every breach or broker, you can take steps to limit what’s collected, shared, and sold. Here’s how to take back control of your digital health footprint-starting today.

1) Use a personal data removal service: Data brokers collect and sell sensitive health information, including diagnoses, prescriptions, and personal identifiers, to marketers, insurers, and other third parties. This means details about your pharmacy purchases, symptom-related searches, and more could be circulating without your knowledge. A personal data removal service can help you take back control. This is one of the most effective ways to safeguard your privacy and protect yourself and your family from risks like scams, higher insurance premiums, and discrimination.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice.  They aren’t cheap – and neither is your privacy.  These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites.  It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.  By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.

Get a free scan to find out if your personal information is already out on the web

2) Audit your apps and privacy settings: Health and fitness apps collect more than you realize. Delete the ones you don’t trust and check permissions on the rest

3) Be wary of free health quizzes and symptom checkers: If a site asks for personal details in exchange for “insights,” assume it’s monetizing your answers. Consult your doctor, not a clickbait quiz.

4) Limit data sharing beyond healthcare providers: Only provide necessary information when signing up for health-related services or apps. Be wary of sharing health details on social media or in public forums, as these can be scraped by data brokers.

5) Request data minimization from providers: Ask your healthcare providers to collect and store only the minimum amount of personal information necessary for your care, reducing the risk if their systems are compromised.

6) Use strong antivirus software: Strong antivirus software acts as a shield, protecting your devices from malware, ransomware, and other cyber threats that could compromise your personal health data. Choose a reputable solution that offers real-time threat detection, regular updates, and robust protection for all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Keeping your antivirus up to date is crucial for blocking malicious links and downloads before they can do harm. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices.

7) Regularly update your software: Cyber threats targeting health data are constantly evolving, and outdated software can leave your devices vulnerable to attacks that expose your sensitive information. Keeping your operating system, apps, antivirus, and security tools up to date ensures you have the latest protections against malware, ransomware, and other exploits that data brokers or hackers might use to access your health information. Regular updates patch security holes before they can be exploited, helping to prevent breaches like those that have exposed millions of Americans’ health details in recent years.

8) Use strong and unique passwords: Your health data is often protected by passwords on apps, portals, and devices. Using strong, unique passwords for each account reduces the risk that a single breach could give someone access to multiple sources of your personal information. Avoid common or reused passwords, and consider using a password manager to generate and store complex passwords securely. This step is crucial because once your login credentials are compromised, data brokers or cybercriminals can gather and sell your health-related data, leading to privacy violations, discrimination, or targeted scams. Consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed Password Managers of 2025 here. 

Kurt’s key takeaways

Your health should be personal, but in today’s digital world, that privacy is constantly under threat. Even if you’re cautious, your health-related information can be collected, analyzed, and sold without your clear consent. The good news is that you can take real steps to reduce your exposure and protect what matters. This isn’t about fear; it’s about staying informed and taking control of your digital footprint.

Should lawmakers and tech companies be doing more to protect our health data, or is it all on us to safeguard our own privacy? Let us know by writing to us at Cyberguy.com/Contact. 

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Samsung’s summer Unpacked is officially on, starting at 10AM ET on Wednesday, July 9th. The invitation features a jazzy little bop and the words “Ultra Unfolds,” so I think it’s safe to assume we’re getting that foldable Ultra phone the company previously hinted at.

The invitation seems to suggest a thinner device, or at least that’s how I’m reading it. That would line up with some of the rumors, and super-thin foldables has certainly been a trend so far this year. I’ve wedged plenty of chunky foldables into the side pocket of my yoga pants, so I for one would welcome this development.

Per usual, Samsung is offering a little incentive to reserve a device for pre-order ahead of the big reveal: $50 in credit to use at Samsung.com. That’ll cover a chunk of the cost of a case for a foldable phone, which run between $85 and $100 for the Galaxy Z Fold 6 on Samsung’s website right now. If the Ultra comes with an Ultra price tag, it might be worth shelling out a little more to protect it from the wear and tear of daily use. Just a little free advice.

Lately, I’ve had way too many calls on my shows from people who have lost thousands (sometimes hundreds of thousands) to scams. These are so cleverly evil, it’s like Ocean’s Eleven but starring a dude with three Instagram followers and a ChatGPT subscription. 

Last chance to enter to win $500 in giveaway. Enter now!

You see, we’re way past scam emails from sketchy Nigerian princes. Today’s scams are slick, personalized and powered by scary-good tech like AI voice cloning and deepfakes. And yep, people fall for them every single day.

DON’T SCAM YOURSELF WITH THE TRICKS HACKERS DON’T WANT ME TO SHARE

Here are today’s scummy front-runners, plus how to protect your cash, pride and sanity:

1. The AI voice clone

This one’s horrifying because it sounds like someone you trust. Scammers grab a clip of your child’s, spouse’s, boss’ voice from social media, podcasts or even your voicemail.

Then they call your mom, your grandpa, your partner: “Hi, it’s me. I’m in big trouble. I need money. Don’t tell anyone.” It’s not them. It’s AI. And it works because it feels real. 

Anthony in Los Angeles was deceived by scammers who used AI to replicate his son’s voice. Believing his son was in distress, Anthony transferred $25,000 to the fraudsters.

If you get a call like this, call or text the person. Try someone they live or work with.

IF YOU DON’T KNOW ABOUT THESE VIDEO TOOLS, YOU’RE ALREADY BEHIND

 2. ‘Your bank account’s frozen’

You get a text or call from your “bank,” and the number looks legit. They say your account is locked due to suspicious activity and you need to confirm your info.

Stop right there. That link? Fake. The person on the phone? Also fake. 

Charles in Iowa lost over $300,000. Always open your bank’s app or type the web address in yourself. Never tap the link they send.

Phony claims of frozen bank accounts and crypto-crazy online “friends” are other ways scammers have found to cause financial grief. (iStock)

3.  Crypto investment ‘friend’

This starts on Instagram, Facebook or LinkedIn. Someone friends you, chats you up, gains your trust, then casually mentions they’re making a fortune in crypto.

They even offer to show you how. Suddenly you’re handing over money or access to a wallet, and poof, it’s gone. A couple in Georgia lost $800,000 after falling victim to a cryptocurrency scam. Just because someone’s friendly doesn’t mean they’re honest.

Don’t fall for a stranger friending you on social media. If you’re lonely, volunteer somewhere.

THE $40K SCAM THAT ALMOST GOT ME + 3 MORE SPREADING NOW

4. Gold bar scam

You get a call from someone claiming to be with the FBI or your bank’s fraud team. They say your money’s at risk, and you need to withdraw it, convert it into gold bars and turn it over for “safekeeping.”

A 72-year-old retiree from New Hampshire was scammed into purchasing $3.1 million worth of gold bars and turned it over to the scammer. Yes, it sounds insane, but it’s happening, and people are losing everything. Come on, you know that real law enforcement doesn’t operate this way.

Calls claiming you need to convert money to gold are an out-there, but real, threat. (JUNG YEON-JE/AFP via Getty Images)

5. Vet emergency

A neighbor’s crying. Your dog’s been hit by a car. They rushed your fur baby to the vet and paid the bill. You owe them $1,200. But wait … your pup is fine, snoring on the couch. 

You’ve been pet-shamed into Venmoing a scammer.

If any of this sounds familiar, your gut is whispering danger or you’re not sure what might be happening in a situation, reach out to me. I’ll help you figure out what’s real and what’s a scam. Better to ask than get burned. I won’t judge you, I promise.

Get tech-smarter on your schedule

Award-winning host Kim Komando is your secret weapon for navigating tech.

Copyright 2025, WestStar Multimedia Entertainment. All rights reserved.