The Electronic Privacy Information Center (EPIC) released a report, Beyond HIPAA: Reimagining How Privacy Laws Apply to Health Data to Maximize Equity in the Digital Age, warning that US health privacy protections are failing as health-related data is increasingly collected outside clinical settings and repurposed for commercial profiling and government use. EPIC argues that outdated laws (including HIPAA’s limited scope) and weak regulation of digital tracking enable health data to be harvested via apps, websites, location tracking, and online searches, then aggregated and sold—supporting targeted advertising, “surveillance pricing,” and other uses that can raise costs or restrict access to care.
The report and related coverage highlight that health data can escape medical contexts and be used for surveillance and enforcement, including scenarios where immigration enforcement activity in or around medical facilities deters patients from seeking treatment. EPIC frames the issue as a “health privacy crisis” that undermines trust and worsens outcomes, particularly for marginalized communities, and points to data brokers and the broader commercial surveillance ecosystem as central drivers of the problem; EPIC also promoted a public event discussing the report’s findings and recommendations.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
EPIC announced a related event for 2 p.m. EST on January 21 to discuss how insufficient health-data privacy protections contribute to inequities in care. The panel was presented as a follow-on discussion tied to the report's release.
The Electronic Privacy Information Center published a report, "Beyond HIPAA: Reimagining How Privacy Laws Apply to Health Data to Maximize Equity in the Digital Age," arguing that current U.S. health-data privacy protections are inadequate. The report says digital surveillance, data brokers, weak laws, and government access to health-related data are deterring people from seeking care and worsening outcomes.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.