Researchers have spotted a security lapse on the healthcare.gov site that leaves users vulnerable to data harvesting.
According to the researchers, the healthcare.gov site provides advertising networks with a litany of user data when it sends outside advertisers referral header information on users.
Among the items included in the string is age, zip code, state, smoking status, annual income, pregnancy status and parent status. Thus far, the data has been found to have been provided to at least 14 outside domains.
That data could then be collected by the advertising networks and used to target users with ads based on that information and data from tracking cookies.
EFF technologist Cooper Quintin said that for such information to be provided by the US government's healthcare healthcare portal was "negligent at best" and could be "potentially devastating" in the wrong hands.
"It's especially troubling that the U.S. government is sending personal information to commercial companies on a website that's touted as the place for people to obtain health care coverage," Quintin wrote.
"Even more troubling is the potential for companies like Doubleclick, Google, Twitter, Yahoo, and others to associate this data with a person's actual identity."
The official portal for the Affordable Care Act, healthcare.gov has been beset by technical difficulties ever since it first launched. The site has been plagued with launch delays, contractor woes and hacking breaches since it first went online in the fall of 2013. ®