Loading…
Analyzing third-party data leaks on online pharmacy websites
Purpose With digitalization, using essential digital services such as online services has become increasingly common. These services process sensitive health related data, such as customers’ prescription medicine orders, which makes ensuring stringent data privacy crucial. The current study examines...
Saved in:
| Published in: | Health and technology 2024-03, Vol.14 (2), p.375-392 |
|---|---|
| Main Authors: | , , , , , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | |
|---|---|
| cites | cdi_FETCH-LOGICAL-c314t-9101fe928d05abcc265fedfc059de26b094d65c7e004f54cb77809ac6b8200f3 |
| container_end_page | 392 |
| container_issue | 2 |
| container_start_page | 375 |
| container_title | Health and technology |
| container_volume | 14 |
| creator | Rauti, Sampsa Carlsson, Robin Mickelsson, Sini Mäkilä, Tuomas Heino, Timi Pirjatanniemi, Elina Leppänen, Ville |
| description | Purpose
With digitalization, using essential digital services such as online services has become increasingly common. These services process sensitive health related data, such as customers’ prescription medicine orders, which makes ensuring stringent data privacy crucial. The current study examines third parties such as analytics services on Finnish pharmacy websites and investigates the nature and contents of data leaks on these websites.
Methods
We perform an extensive network traffic analysis to reveal data leaks among 163 Finnish online pharmacies. We also study a set of privacy policies of these online pharmacies, and provide a legal analysis regarding the interpretation of the concept of data concerning health in the context of online pharmacies.
Results
Our findings reveal serious data leaks among Finnish online pharmacies. We found 145 pharmacies had third-party services on their websites and only 18 did not. Out of all 163 online pharmacies, 57 (35.0 %) leaked a specific prescription medicine name connected with identifying personal data on the customer. We argue that the information concerning purchases on the prescription medicines should be interpreted as data concerning health to ensure efficient protection of customers’ right to data protection and privacy.
Conclusions
We hope that these concerning results will serve as a wake-up call for the developers and maintainers of online pharmacies and other web services processing sensitive data. Any third-party services incorporated into websites processing sensitive personal data should be closely inspected in terms of data leaks, or preferably not used at all. |
| doi_str_mv | 10.1007/s12553-024-00819-w |
| format | article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2928739949</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2928739949</sourcerecordid><originalsourceid>FETCH-LOGICAL-c314t-9101fe928d05abcc265fedfc059de26b094d65c7e004f54cb77809ac6b8200f3</originalsourceid><addsrcrecordid>eNp9kEtLw0AUhQdRsNT-AVcB16N3XkkG3JTiCwpuuh8m82hT0yTOpJT46x2N6M7LhXsX5xwOH0LXBG4JQHEXCRWCYaAcA5RE4tMZmlEiARdE5ue_f1leokWMe0gjiJCczdD9stXN-FG322zY1cHiXodhzKwedNY4_Razrk3b1K3L-p0OB23G7OSqWA8uXqELr5voFj93jjaPD5vVM16_Pr2slmtsGOEDlgSId5KWFoSujKG58M56A0JaR_MKJLe5MIUD4F5wUxVFCVKbvCopgGdzdDPF9qF7P7o4qH13DKl3VDSlFkxKLpOKTioTuhiD86oP9UGHURFQX5zUxEklTuqbkzolE5tMMYnbrQt_0f-4PgEfvmsY</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2928739949</pqid></control><display><type>article</type><title>Analyzing third-party data leaks on online pharmacy websites</title><source>Springer Link</source><creator>Rauti, Sampsa ; Carlsson, Robin ; Mickelsson, Sini ; Mäkilä, Tuomas ; Heino, Timi ; Pirjatanniemi, Elina ; Leppänen, Ville</creator><creatorcontrib>Rauti, Sampsa ; Carlsson, Robin ; Mickelsson, Sini ; Mäkilä, Tuomas ; Heino, Timi ; Pirjatanniemi, Elina ; Leppänen, Ville</creatorcontrib><description>Purpose
With digitalization, using essential digital services such as online services has become increasingly common. These services process sensitive health related data, such as customers’ prescription medicine orders, which makes ensuring stringent data privacy crucial. The current study examines third parties such as analytics services on Finnish pharmacy websites and investigates the nature and contents of data leaks on these websites.
Methods
We perform an extensive network traffic analysis to reveal data leaks among 163 Finnish online pharmacies. We also study a set of privacy policies of these online pharmacies, and provide a legal analysis regarding the interpretation of the concept of data concerning health in the context of online pharmacies.
Results
Our findings reveal serious data leaks among Finnish online pharmacies. We found 145 pharmacies had third-party services on their websites and only 18 did not. Out of all 163 online pharmacies, 57 (35.0 %) leaked a specific prescription medicine name connected with identifying personal data on the customer. We argue that the information concerning purchases on the prescription medicines should be interpreted as data concerning health to ensure efficient protection of customers’ right to data protection and privacy.
Conclusions
We hope that these concerning results will serve as a wake-up call for the developers and maintainers of online pharmacies and other web services processing sensitive data. Any third-party services incorporated into websites processing sensitive personal data should be closely inspected in terms of data leaks, or preferably not used at all.</description><identifier>ISSN: 2190-7188</identifier><identifier>EISSN: 2190-7196</identifier><identifier>DOI: 10.1007/s12553-024-00819-w</identifier><language>eng</language><publisher>Berlin/Heidelberg: Springer Berlin Heidelberg</publisher><subject>Biological and Medical Physics ; Biomedical Engineering and Bioengineering ; Biomedicine ; Biophysics ; Communications traffic ; Computational Biology/Bioinformatics ; Computer privacy ; Confidentiality ; Customer services ; Customers ; Data analysis ; Data integrity ; Digitization ; Drug stores ; Engineering ; Medicine ; Medicine/Public Health ; Network analysis ; Original Paper ; Personal information ; Pharmacy ; Prescription drugs ; Privacy ; R & D/Technology Policy ; Third party ; Traffic analysis ; Web portals ; Web services ; Websites</subject><ispartof>Health and technology, 2024-03, Vol.14 (2), p.375-392</ispartof><rights>The Author(s) 2024</rights><rights>The Author(s) 2024. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c314t-9101fe928d05abcc265fedfc059de26b094d65c7e004f54cb77809ac6b8200f3</cites><orcidid>0000-0002-1891-2353</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27924,27925</link.rule.ids></links><search><creatorcontrib>Rauti, Sampsa</creatorcontrib><creatorcontrib>Carlsson, Robin</creatorcontrib><creatorcontrib>Mickelsson, Sini</creatorcontrib><creatorcontrib>Mäkilä, Tuomas</creatorcontrib><creatorcontrib>Heino, Timi</creatorcontrib><creatorcontrib>Pirjatanniemi, Elina</creatorcontrib><creatorcontrib>Leppänen, Ville</creatorcontrib><title>Analyzing third-party data leaks on online pharmacy websites</title><title>Health and technology</title><addtitle>Health Technol</addtitle><description>Purpose
With digitalization, using essential digital services such as online services has become increasingly common. These services process sensitive health related data, such as customers’ prescription medicine orders, which makes ensuring stringent data privacy crucial. The current study examines third parties such as analytics services on Finnish pharmacy websites and investigates the nature and contents of data leaks on these websites.
Methods
We perform an extensive network traffic analysis to reveal data leaks among 163 Finnish online pharmacies. We also study a set of privacy policies of these online pharmacies, and provide a legal analysis regarding the interpretation of the concept of data concerning health in the context of online pharmacies.
Results
Our findings reveal serious data leaks among Finnish online pharmacies. We found 145 pharmacies had third-party services on their websites and only 18 did not. Out of all 163 online pharmacies, 57 (35.0 %) leaked a specific prescription medicine name connected with identifying personal data on the customer. We argue that the information concerning purchases on the prescription medicines should be interpreted as data concerning health to ensure efficient protection of customers’ right to data protection and privacy.
Conclusions
We hope that these concerning results will serve as a wake-up call for the developers and maintainers of online pharmacies and other web services processing sensitive data. Any third-party services incorporated into websites processing sensitive personal data should be closely inspected in terms of data leaks, or preferably not used at all.</description><subject>Biological and Medical Physics</subject><subject>Biomedical Engineering and Bioengineering</subject><subject>Biomedicine</subject><subject>Biophysics</subject><subject>Communications traffic</subject><subject>Computational Biology/Bioinformatics</subject><subject>Computer privacy</subject><subject>Confidentiality</subject><subject>Customer services</subject><subject>Customers</subject><subject>Data analysis</subject><subject>Data integrity</subject><subject>Digitization</subject><subject>Drug stores</subject><subject>Engineering</subject><subject>Medicine</subject><subject>Medicine/Public Health</subject><subject>Network analysis</subject><subject>Original Paper</subject><subject>Personal information</subject><subject>Pharmacy</subject><subject>Prescription drugs</subject><subject>Privacy</subject><subject>R & D/Technology Policy</subject><subject>Third party</subject><subject>Traffic analysis</subject><subject>Web portals</subject><subject>Web services</subject><subject>Websites</subject><issn>2190-7188</issn><issn>2190-7196</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><recordid>eNp9kEtLw0AUhQdRsNT-AVcB16N3XkkG3JTiCwpuuh8m82hT0yTOpJT46x2N6M7LhXsX5xwOH0LXBG4JQHEXCRWCYaAcA5RE4tMZmlEiARdE5ue_f1leokWMe0gjiJCczdD9stXN-FG322zY1cHiXodhzKwedNY4_Razrk3b1K3L-p0OB23G7OSqWA8uXqELr5voFj93jjaPD5vVM16_Pr2slmtsGOEDlgSId5KWFoSujKG58M56A0JaR_MKJLe5MIUD4F5wUxVFCVKbvCopgGdzdDPF9qF7P7o4qH13DKl3VDSlFkxKLpOKTioTuhiD86oP9UGHURFQX5zUxEklTuqbkzolE5tMMYnbrQt_0f-4PgEfvmsY</recordid><startdate>20240301</startdate><enddate>20240301</enddate><creator>Rauti, Sampsa</creator><creator>Carlsson, Robin</creator><creator>Mickelsson, Sini</creator><creator>Mäkilä, Tuomas</creator><creator>Heino, Timi</creator><creator>Pirjatanniemi, Elina</creator><creator>Leppänen, Ville</creator><general>Springer Berlin Heidelberg</general><general>Springer Nature B.V</general><scope>C6C</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>K9.</scope><scope>NAPCQ</scope><orcidid>https://orcid.org/0000-0002-1891-2353</orcidid></search><sort><creationdate>20240301</creationdate><title>Analyzing third-party data leaks on online pharmacy websites</title><author>Rauti, Sampsa ; Carlsson, Robin ; Mickelsson, Sini ; Mäkilä, Tuomas ; Heino, Timi ; Pirjatanniemi, Elina ; Leppänen, Ville</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c314t-9101fe928d05abcc265fedfc059de26b094d65c7e004f54cb77809ac6b8200f3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Biological and Medical Physics</topic><topic>Biomedical Engineering and Bioengineering</topic><topic>Biomedicine</topic><topic>Biophysics</topic><topic>Communications traffic</topic><topic>Computational Biology/Bioinformatics</topic><topic>Computer privacy</topic><topic>Confidentiality</topic><topic>Customer services</topic><topic>Customers</topic><topic>Data analysis</topic><topic>Data integrity</topic><topic>Digitization</topic><topic>Drug stores</topic><topic>Engineering</topic><topic>Medicine</topic><topic>Medicine/Public Health</topic><topic>Network analysis</topic><topic>Original Paper</topic><topic>Personal information</topic><topic>Pharmacy</topic><topic>Prescription drugs</topic><topic>Privacy</topic><topic>R & D/Technology Policy</topic><topic>Third party</topic><topic>Traffic analysis</topic><topic>Web portals</topic><topic>Web services</topic><topic>Websites</topic><toplevel>online_resources</toplevel><creatorcontrib>Rauti, Sampsa</creatorcontrib><creatorcontrib>Carlsson, Robin</creatorcontrib><creatorcontrib>Mickelsson, Sini</creatorcontrib><creatorcontrib>Mäkilä, Tuomas</creatorcontrib><creatorcontrib>Heino, Timi</creatorcontrib><creatorcontrib>Pirjatanniemi, Elina</creatorcontrib><creatorcontrib>Leppänen, Ville</creatorcontrib><collection>SpringerOpen</collection><collection>CrossRef</collection><collection>ProQuest Health & Medical Complete (Alumni)</collection><collection>Nursing & Allied Health Premium</collection><jtitle>Health and technology</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Rauti, Sampsa</au><au>Carlsson, Robin</au><au>Mickelsson, Sini</au><au>Mäkilä, Tuomas</au><au>Heino, Timi</au><au>Pirjatanniemi, Elina</au><au>Leppänen, Ville</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Analyzing third-party data leaks on online pharmacy websites</atitle><jtitle>Health and technology</jtitle><stitle>Health Technol</stitle><date>2024-03-01</date><risdate>2024</risdate><volume>14</volume><issue>2</issue><spage>375</spage><epage>392</epage><pages>375-392</pages><issn>2190-7188</issn><eissn>2190-7196</eissn><abstract>Purpose
With digitalization, using essential digital services such as online services has become increasingly common. These services process sensitive health related data, such as customers’ prescription medicine orders, which makes ensuring stringent data privacy crucial. The current study examines third parties such as analytics services on Finnish pharmacy websites and investigates the nature and contents of data leaks on these websites.
Methods
We perform an extensive network traffic analysis to reveal data leaks among 163 Finnish online pharmacies. We also study a set of privacy policies of these online pharmacies, and provide a legal analysis regarding the interpretation of the concept of data concerning health in the context of online pharmacies.
Results
Our findings reveal serious data leaks among Finnish online pharmacies. We found 145 pharmacies had third-party services on their websites and only 18 did not. Out of all 163 online pharmacies, 57 (35.0 %) leaked a specific prescription medicine name connected with identifying personal data on the customer. We argue that the information concerning purchases on the prescription medicines should be interpreted as data concerning health to ensure efficient protection of customers’ right to data protection and privacy.
Conclusions
We hope that these concerning results will serve as a wake-up call for the developers and maintainers of online pharmacies and other web services processing sensitive data. Any third-party services incorporated into websites processing sensitive personal data should be closely inspected in terms of data leaks, or preferably not used at all.</abstract><cop>Berlin/Heidelberg</cop><pub>Springer Berlin Heidelberg</pub><doi>10.1007/s12553-024-00819-w</doi><tpages>18</tpages><orcidid>https://orcid.org/0000-0002-1891-2353</orcidid><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 2190-7188 |
| ispartof | Health and technology, 2024-03, Vol.14 (2), p.375-392 |
| issn | 2190-7188 2190-7196 |
| language | eng |
| recordid | cdi_proquest_journals_2928739949 |
| source | Springer Link |
| subjects | Biological and Medical Physics Biomedical Engineering and Bioengineering Biomedicine Biophysics Communications traffic Computational Biology/Bioinformatics Computer privacy Confidentiality Customer services Customers Data analysis Data integrity Digitization Drug stores Engineering Medicine Medicine/Public Health Network analysis Original Paper Personal information Pharmacy Prescription drugs Privacy R & D/Technology Policy Third party Traffic analysis Web portals Web services Websites |
| title | Analyzing third-party data leaks on online pharmacy websites |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T16%3A29%3A53IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Analyzing%20third-party%20data%20leaks%20on%20online%20pharmacy%20websites&rft.jtitle=Health%20and%20technology&rft.au=Rauti,%20Sampsa&rft.date=2024-03-01&rft.volume=14&rft.issue=2&rft.spage=375&rft.epage=392&rft.pages=375-392&rft.issn=2190-7188&rft.eissn=2190-7196&rft_id=info:doi/10.1007/s12553-024-00819-w&rft_dat=%3Cproquest_cross%3E2928739949%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c314t-9101fe928d05abcc265fedfc059de26b094d65c7e004f54cb77809ac6b8200f3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2928739949&rft_id=info:pmid/&rfr_iscdi=true |