Nearly all of the 20 U.S. state-run health insurance marketplaces shared residents’ application data with advertising and technology companies — including Google, LinkedIn, Meta, Snap, and TikTok — according to a Bloomberg investigation published in May 2026.
The data shared included sensitive personal details collected during health insurance applications. New York’s exchange shared information about whether applicants had incarcerated family members. Washington, D.C.’s exchange collected residents’ sex and race, which TikTok’s pixel tracker attempted to redact — though some racial categories were masked while others were not. A D.C. exchange spokesperson confirmed to Bloomberg that residents’ email addresses, phone numbers, and country identifiers were also shared with TikTok. Virginia’s exchange was found to be sharing residents’ ZIP codes with Meta.
Following Bloomberg’s reporting, Washington, D.C. paused its rollout of the TikTok tracker, and Virginia removed the Meta tracker from its website.
The mechanism behind the sharing is pixel-sized trackers — small tools commonly used for web analytics and identifying technical bugs. When misconfigured and placed on pages containing sensitive data, these trackers can inadvertently capture and transmit personal information to third parties whose business models rely on consumer data for advertising.
This is not an isolated issue. Telehealth startups and large healthcare companies have previously had to notify millions of users that their health information was inadvertently collected and shared with tech companies through similar means.
The scale of the problem is significant when applied to government platforms. Bloomberg noted that more than seven million Americans purchased health insurance through a state exchange for 2026, meaning the potential exposure of sensitive data could affect a broad portion of the population.
Source: TechCrunch