Most people are well aware at this stage that their activity is being observed on just about every website and platform they visit. But if there is only one place you would hope might be free of invasive trackers, it’d be healthcare exchanges operated by state governments. Don’t get those hopes up. According to a report from Bloomberg, all 20 state-run healthcare marketplaces include advertising trackers that share information with Big Tech companies.
Per the report, seven million Americans bought their health insurance through state exchanges in 2026, and many of them may have had personal information shared with companies, including Meta, TikTok, Snap, Google, Nextdoor, and LinkedIn, among others. Some of the data collected and shared with those companies included ZIP codes, a person’s sex and citizenship status, and race.
In addition to potentially sensitive biographical details about a person, the trackers also may reveal additional details about their life based on the sites they visit. For instance, Bloomberg found trackers on Medicaid-related web pages in Rhode Island, which could reveal information about a person’s financial status and need for assistance. In Maryland, a Spanish-language page titled “Good News for Noncitizen Pregnant Marylanders” and a page designed to help DACA recipients navigate their healthcare options were found to be transmitting data to Big Tech firms.
It’s not clear how much of that information is actually used to deliver targeted advertisements to people, but the data may inform the type of content that these platforms serve to users from whom they have collected health-related information.
It’s not the first time that these companies have been found to be collecting potentially sensitive data about users stemming from health-related platforms. In 2022, an investigation by The Markup found ad trackers on more than one-third of the 100 hospital networks it looked into. And while The Markup was unable to determine whether that data was used in the type of content served to users, Meta whistleblower Sarah Wynn-Williams revealed in 2025 that the company did use details about a person’s emotional state to target advertisements.
Last year, Meta updated its rules to limit advertisers’ ability to target health-related ad campaigns. But it remains quite opaque to people what information is being collected and shared—and from where it is being collected. Per Bloomberg, several states have already removed some trackers from their exchange websites following the report.
Reached for comment, a Meta spokesperson told Gizmodo, “We do not permit or want advertisers to share sensitive information with us through our business tools, and our systems are designed to detect and filter out information that appears potentially sensitive. Advertisers set up these tools and are ultimately responsible for the data they choose to share, including that they don’t share sensitive data with Meta per our terms.”
