If you've ever used a state healthcare portal to check your Medicaid status or schedule a clinic visit, you probably assumed your personal health data was locked up tighter than a hospital-grade safe.

Think again.

Behind the digital curtain, many state-run healthcare systems are doing something shocking: tracking your clicks, logging your diagnoses, and selling your sensitive information. The very systems meant to protect your health are often riddled with third-party trackers that quietly leak your data to advertisers, brokers, and, eventually, the dark web.

Your Medical History Isn’t Private Anymore

Imagine your health data as a diary hidden under your mattress. Now imagine your parents had a spare key, and they’re reading entries aloud to anyone willing to pay. That’s the reality for millions of Americans using state healthcare portals.

Investigations have found that these sites embed dozens of trackers, from standard tools like Google Analytics to more invasive data miners. These aren’t just collecting anonymous usage stats; some are capable of logging every search term, diagnosis, and personal detail you enter.

Let’s look at the numbers:

• California: 63 trackers

• Nevada: 49

• Maryland: 31

• Massachusetts: 28

• Georgia: 16

• New York, Colorado, New Mexico, New Jersey: 15

• And so on, even Vermont, with just one tracker, isn’t immune.

Data Breaches Are Just the Tip of the Iceberg

Tracking is just one side of the problem. Breaches are the other, and they're happening more often than you think.

In one of the most devastating examples, the Change Healthcare breach exposed data from up to 190 million Americans. How? Hackers exploited a Citrix portal with no multi-factor authentication (MFA). Just a username, a password, and a straight path to records, billing details, and Social Security numbers.

Other disasters include:

• Episource (a vendor for multiple state health plans) leaked 5 million medical records in a ransomware attack.

• Georgia’s Pineland Community Service Board lost data for 50,000 patients to a group called Ransom Hub.

• Massachusetts and New Hampshire issued weak warnings and experienced delays in notification, leaving users vulnerable.

Why Is This Still Happening?

The reasons aren’t complicated, just infuriating:

• Budget cuts mean outdated infrastructure and minimal cybersecurity staffing.

• Vendors like Change Healthcare or Episource skip basic protections like MFA and data encryption.

• States fail to audit third-party partners, letting breaches and silent trackers slip through unnoticed.

The result? Your name, medical history, insurance details, and more can end up on dark web forums — fueling identity theft, insurance fraud, and phishing attacks.

What Can You Do About It?

At Cyberstreams, we believe no one should have to trade privacy for access to healthcare. Here are 3 immediate actions you can take to protect yourself:

1. Block Trackers

• Use tracker-blocking browsers like Safari or Brave.

• Install extensions like DuckDuckGo Privacy Essentials or uBlock Origin.

• Browse with a VPN to add another layer of protection.

2. Use Data Removal Services

• Services like Cloaked, DuckDuckGo Privacy Pro, or DeleteMe help remove your information from data brokers and public databases.

3. Demand Better from Your State

• Contact your local health department.

• Ask about tracker audits and security protocols.

• Push for stronger data privacy laws and breach transparency.

Conclusion: Your Data Deserves Better

Healthcare should come with compassion, not compromise. The reality is that many state portals are failing to secure your most sensitive data, and worse, some are actively profiting from it.

Privacy isn't a buzzword. It's a right.

Until government systems catch up, the responsibility to guard your digital life falls on you. By blocking trackers, removing your data from brokers, and demanding real accountability, you can start reclaiming your privacy, one step at a time.

The system may be broken, but your defenses don’t have to be.