The doctoral dissertation found serious shortcomings in the data protection of health online services.
Through many online pharmacies, healthcare services and mental health sites, customer information leaks into the hands of outside parties. Colourbox
According to a recent Finnish doctoral dissertation study, Finnish health sites have had serious information leaks, most of which have now been repaired thanks to the study.
Through many online pharmacies, healthcare services and mental health sites, customer information leaks into the hands of outside parties. Typically, data leaks through the analytics tools and other side elements on the website for Google, Meta, Yandex and Microsoft Bing.
Because services deal with, for example, information related to clients’ medications, illnesses and treatment measures, it should not end up in third parties.
The study also investigated the activities of the sites from the perspective of the Data Protection Act and the users, ie whether the user is properly informed about the processing of personal data. Often, the possibility of banning data processing was not realized as required by law.
Master of Science (MSc) Sampsa Rauta argued for a doctorate from the field of information technology at the University of Turku on Friday, May 2, 2025. His doctoral dissertation “Information leaks for third parties in Finnish healthcare online services” there is readable on the university website.
Rauti says in the announcement that the topic has not been previously studied for Finnish online services. Information leaks for online pharmacy for third parties have not been studied at all before.
In public sector health services, privacy was better than in the private sector. According to the study, both sectors still have a lot of improvement in the processing of personal data.
Third parties ended up, among other things, the names of prescription drugs and information related to healthcare appointments, combined with individual information. For example, 35 % of Finnish online pharmacies leaked prescription drug names for outsiders.
– The information leaks found in the study were reported to the administrators of the online services and the shortcomings of these services have been largely corrected. For several online pharmacies leaks, the Office of the Data Protection Officer is currently investigating leaks, and similar problems may still be in many other services. Findings in the study show that it is necessary to clarify compliance with the regulation, to develop audit practices, to favor local analytics solutions, and to pay special attention to third parties’ selection, says Rauti in the release.