Cerebral Inadvertently Shares Sensitive Patient Data With Meta, Tiktok, And Google
News

Cerebral Inadvertently Shares Sensitive Patient Data With Meta, Tiktok, And Google

Table of Content

This article explores how telehealth startup Cerebral unintentionally shared the private information of more than 3.1 million patients with third-party advertisers such as Google, Meta, and TikTok.

Key takeaways:

  • Telehealth startup Cerebral accidentally shared private patient data with third-party advertisers, including Google, Meta, and TikTok.
  • The breach exposed the personal information of over 3.1 million US patients, including names, phone numbers, email addresses, birth dates, IP addresses, insurance information, appointment dates, treatments, and more.
  • The use of tracking pixels by Cerebral gave third-party advertisers access to patient data, potentially compromising patient privacy.
  • The incident is not the first of its kind, as similar incidents involving pixel-tracking tools have occurred in the past.
  • Cerebral is under investigation for possible HIPAA violations and for its prescribing of controlled substances like Adderall and Xanax.
  • Ensuring patient data privacy and security is of utmost importance for healthcare providers, who must take necessary precautions to protect patient data.

Telehealth Startup Cerebral Shares Private Patient Data with Third-Party Advertisers

Telehealth startup Cerebral has recently made a disclosure that it inadvertently shared sensitive patient information with third-party advertisers, including Google, Meta, TikTok, and other companies. 

The company specializes in mental health and offers patients the convenience of scheduling therapy appointments and receiving prescription medication online. 

Unfortunately, this privacy breach has caused Cerebral to expose the personal information of over 3.1 million US patients through tracking tools that it has been using since October 2019.

The type of information that has been revealed is not the same for every patient and consists of various details such as names, IP addresses, insurance information, appointment dates,phone numbers, email addresses, birth dates, IP addresses, and treatments, and more. 

Even the answers given by clients to mental health self-assessment questions on the company’s website and app may have been exposed. 

This was caused by Cerebral’s use of tracking pixels, or bits of code from Google, Meta, TikTok, and other advertisers that allow developers to embed in their apps and websites. 

This is how the startups measure how users interact with their ads on various platforms, but this also gave third-party advertisers access to patients’ sensitive information, potentially exposing their privacy.

Cerebral is under investigation because they are legally obligated to report possible violations of HIPAA, a law that prohibits healthcare providers from sharing patient information with anyone except the patient or those authorized by the patient to access their information.

Similar Incidents in the Past

This incident is not the first of its kind as similar incidents involving pixel-tracking tools have occurred in the past. 

Last year, some of the US’s top hospitals were found to be sending sensitive patient information to Meta through its pixel. 

This led to two class-action lawsuits alleging that both Meta and the hospitals in question violated medical privacy laws. 

In addition, The Markup discovered that Meta was able to obtain financial information about its users through the tracking tools embedded in popular tax services like H&R Block, TaxAct, and TaxSlayer.

Moreover, other online medical companies, such as BetterHelp and GoodRx, have been fined by the Federal Trade Commission (FTC) for sharing sensitive patient data with third parties earlier this year.

Investigations Underway

In addition to the investigation about HIPAA violations, Cerebral is also being looked into by the Drug Enforcement Administration and the Department of Justice because of its prescription of controlled substances such as Adderall and Xanax. Cerebral has stopped the prescription of these medications.

Patient Privacy is a Priority

The Cerebral incident highlights the importance of ensuring patient data privacy and security, especially as telehealth services continue to increase in use. 

Healthcare providers must ensure that they take necessary precautions to protect patient data, including regularly reviewing and updating their security measures and ensuring that all employees are adequately trained in data security. 

Patients also have a role to play in protecting their data by being cautious about the information they share and carefully reading the privacy policies of the services they use.

Overall, the privacy breach involving Cerebral serves as a reminder to healthcare providers and all parties involved in handling sensitive information that they must take the necessary precautions to prevent data breaches and protect patient privacy.

share

Written by

gabriel

Reviewed By

Judith

Judith

Judith Harvey is a seasoned finance editor with over two decades of experience in the financial journalism industry. Her analytical skills and keen insight into market trends quickly made her a sought-after expert in financial reporting.