LOKKER Finds One-Quarter of the Largest 1,000 Healthcare Organizations’ Websites Are at Significant Risk for Online Data Privacy Violations

LOKKER’s Web Privacy Risk ScoreTM Reveals Common Consumer Data Privacy Risks in the Healthcare Sector as Class-Action Lawsuits Are on the Rise 

Redwood City, Calif. – April 18, 2023 – LOKKER, provider of online data privacy and compliance solutions for enterprises, today released new online privacy risk research for the largest 1,000 healthcare organizations’ websites. LOKKER’s findings uncover great risk to consumers’ personal health information , with 26% of healthcare organizations’ Web Privacy Risk Scores flagged as above 335, and of those, more than 100 scored above 500, which indicates significant risk according to LOKKER. LOKKER recently announced its Web Privacy Risk Score, a first-of-its-kind assessment tool that quantifies a company’s potential risk of privacy violations pertaining to the collection and sharing of customers’ online information. 

Businesses across all sectors are being scrutinized for using third-party trackers to gather user data, especially social media trackers like the Facebook (Meta) pixel. In fact, research LOKKER conducted in October 2022 discovered that the Facebook/Meta pixel was found on 40% of the 5,000 healthcare websites analyzed. Healthcare organizations frequently do not know or understand the number of trackers, cookies, and other applications running in the background of their websites, let alone the possible privacy risks they pose. Consumer and patient data privacy are becoming increasingly important, and businesses must keep control over it or face the consequences of not doing so, according to a surge of class-action lawsuits in numerous states and federal regulatory enforcement efforts. 

LOKKER’s Web Privacy Risk Score measures a variety of risk factors, including trackers, session recorders, cookies, malware, lack of consent banner, sensitive data collection, and risky foreign domains.

LOKKER investigated the high-risk pages it found further and uncovered common practices driving up risk scores that should be of great concern for all healthcare providers: 

  • Contact pages tend to be among the riskiest data privacy threats. The tracking tools and ad tech on these pages can track what links are clicked on and build profiling lists that can be used for targeting, which could violate HIPAA, especially if the link indicates something about the person’s medical condition. 
  • Providers should be aware of trackers on appointment booking pages asking for sensitive health information. This data will be shared with third parties and trackers on the pages.
  • Pop-up forms for promotional offers present risks if not secure. Organizations also need to ensure the data is only being shared or used precisely how the user consents to it.

In its analysis of a children’s hospital website, alarmingly, the Web Privacy Risk Score was 760, as LOKKER  found as many as 135 cookies, 64 trackers, and four session replay tools, including on pages dealing with medical symptoms and conditions. An addiction treatment center received a 1000 score (the highest possible) because it had several session recording tools, trackers, and ad tech tools collecting information about user behavior on its website, even on pages related to intake. There were no consent banners to ask if this data collection was okay.

“These examples show how third-party tools, including trackers, session recorders, cookies, malware, and others, can violate data privacy laws like HIPAA, CPRA, etc. if they collect sensitive health data without proper disclosure and consent,” said Ian Cohen, CEO of LOKKER. “LOKKER’s Web Privacy Risk Score helps healthcare organizations quickly identify problematic websites and pages that could lead to data privacy violations, class action lawsuits or potentially a breach. Never has the time been more urgent for healthcare businesses to get control of their consumers’ and patients’ data privacy online.”  

For healthcare businesses interested in learning more about their Web Privacy Risk Score, contact http://lokker.com/healthcare/

LOKKER is a Silicon Valley-based data privacy technology company creating software for companies to protect their customers’ sensitive personal information. LOKKER’s Privacy Edge™ platform is a SaaS-based solution that automates detection and mitigation of online threats that lead to major incidents, fines and reputational damage for companies. For more information visit, lokker.com.