Analyzing third-party data leaks on online pharmacy websites

Purpose With digitalization, using essential digital services such as online services has become increasingly common. These services process sensitive health related data, such as customers’ prescription medicine orders, which makes ensuring stringent data privacy crucial. The current study examines...

Full description

Saved in:
Bibliographic Details
Published in:Health and technology 2024-03, Vol.14 (2), p.375-392
Main Authors: Rauti, Sampsa, Carlsson, Robin, Mickelsson, Sini, Mäkilä, Tuomas, Heino, Timi, Pirjatanniemi, Elina, Leppänen, Ville
Format: Article
Language:English
Subjects:
Biological and Medical Physics
Biomedical Engineering and Bioengineering
Biomedicine
Biophysics
Communications traffic
Computational Biology/Bioinformatics
Computer privacy
Confidentiality
Customer services
Customers
Data analysis
Data integrity
Digitization
Drug stores
Engineering
Medicine
Medicine/Public Health
Network analysis
Original Paper
Personal information
Pharmacy
Prescription drugs
Privacy
R & D/Technology Policy
Third party
Traffic analysis
Web portals
Web services
Websites
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Purpose With digitalization, using essential digital services such as online services has become increasingly common. These services process sensitive health related data, such as customers’ prescription medicine orders, which makes ensuring stringent data privacy crucial. The current study examines third parties such as analytics services on Finnish pharmacy websites and investigates the nature and contents of data leaks on these websites. Methods We perform an extensive network traffic analysis to reveal data leaks among 163 Finnish online pharmacies. We also study a set of privacy policies of these online pharmacies, and provide a legal analysis regarding the interpretation of the concept of data concerning health in the context of online pharmacies. Results Our findings reveal serious data leaks among Finnish online pharmacies. We found 145 pharmacies had third-party services on their websites and only 18 did not. Out of all 163 online pharmacies, 57 (35.0 %) leaked a specific prescription medicine name connected with identifying personal data on the customer. We argue that the information concerning purchases on the prescription medicines should be interpreted as data concerning health to ensure efficient protection of customers’ right to data protection and privacy. Conclusions We hope that these concerning results will serve as a wake-up call for the developers and maintainers of online pharmacies and other web services processing sensitive data. Any third-party services incorporated into websites processing sensitive personal data should be closely inspected in terms of data leaks, or preferably not used at all.
ISSN:2190-7188
2190-7196
DOI:10.1007/s12553-024-00819-w