The Hidden Multi-Billion-Dollar Industry Profiting From Your Medical Records

Every time you visit a doctor, fill prescriptions, or sync a health app, your medical data enters a digital system. That system does more than just store your data. It also shares it with vendors, insurers, and third-party brokers who process, analyze, and commercialize it for their own benefit, often at your expense.

This all began in the early 2000s when governments started encouraging the adoption of electronic health records. In the US, the Health Information Technology for Economic and Clinical Health Act of 2009 provided $30 billion to accelerate EHR adoption. By 2017, over 95 percent of US hospitals had adopted EHRs (Source: Healthit.gov). Combine that with the rise of wearable devices and health apps, and you have an asset that is too tempting for data brokers, insurers, and tech companies to ignore.

Once a medical record is digitized, it moves through a web of interconnected systems that go far beyond the clinic. Every appointment generates diagnostic codes, lab results, and billing records, which are shared with multiple parties. Pharmacies upload prescription data, while health apps continuously collect information that is stored in cloud servers. All of these datasets are aggregated, de-identified when required, and packaged for sale to analytics firms and data brokers. These companies then create detailed patient profiles used for advertising, research, and insurance risk modeling.

The main business models for this type of data are direct sales, platform subscriptions, and licensing. Data brokers like IQVIA and Symphony Health aggregate records and sell them to pharmaceutical marketers, advertising networks, research firms, and insurers. EHR providers like Veradigm monetize anonymized clinical records by offering analytics dashboards and predictive modeling for various companies. Subscription-based platforms provide clients with continuously updated patient datasets, while brokers and analytics firms sell segmented datasets for targeted advertising, insurance risk scoring, and real-world studies. This entire ecosystem has grown into a massive global market, valued at approximately $53 billion in 2024, and it is projected to reach $198 billion by 2033. (Source)

And if that wasn’t already concerning enough, here are a few major incidents that highlight the risks and consequences of medical data misuse:

1. Change Healthcare, 2024: In February 2024, a ransomware attack exposed the medical data of approximately 192.7 million Americans. For weeks, clinics and hospitals were unable to submit or process insurance claims, which led to delayed care, unpaid bills, and temporary shutdowns for smaller practices. The breach exposed patients’ medical histories, insurance member IDs, treatment and billing details, test results, banking information, diagnosis codes, and in some cases Social Security numbers. Hackers could now purchase detailed profiles of any of these 192.7 million individuals on dark web marketplaces and use them for identity theft, fraudulent insurance claims, financial exploitation, or other forms of targeted abuse that could ruin someone’s life. Link
2. American Medical Collection Agency (AMCA), 2019: The billing collection vendor servicing labs like Quest Diagnostics and LabCorp suffered a breach that exposed the data of over 20 million patients. After the leak, some victims reported unauthorized credit card charges, fraudulent insurance claims filed in their names, and billing information being sold on dark web markets. More on it here.
3. Anthem, Inc., 2015: Hackers stole personally identifiable information of approximately 78.8 million customers and employees. The exposed data included patients’ names, dates of birth, Social Security numbers, street addresses, email addresses, and employment and income information. This means that these 78.8 million individuals are at risk of identity theft for the rest of their lives. Many of the affected victims have already reported fraudulent credit applications, unauthorized bank transactions, and fake medical claims filed in their names. (Source: Wikipedia)

Globally, countries take very different approaches to handling medical data. China runs one of the world’s largest centralized health databases, which hospitals and tech companies can access, but it is tightly controlled by the government. India, Indonesia, and Brazil have expanding digital health programs, but weak enforcement and fragmented rules allow both state agencies and private companies to handle data freely. The EU is the most restrictive, where companies cannot analyze or repurpose medical data without consent. The US stands alone in allowing nearly complete commercial redistribution.

But it’s not all bad, as these datasets have helped support legitimate breakthroughs like spotting early signs of disease before symptoms appear, identifying existing drugs that might help treat conditions like Alzheimer’s or Parkinson’s, speeding up cancer drug approvals by providing real-world evidence, and helping researchers understand which treatments work best for patients in everyday life rather than just in clinical trials. In the end, it’s a double-edged knife, often working against you rather than for you. As long as research remains just a way to get a free pass, the benefits will continue to be overshadowed by the risks. The people who own the data will continue to remain exposed to the chaos caused by a lack of accountability throughout the system.