Hey everyone! Nuked here, and I’m excited to talk about the recent news about Cerebral, a telehealth startup specializing in mental health. Recently, Cerebral has admitted to inadvertently sharing the sensitive information of over 3.1 million patients with Google, Meta, TikTok, and other third-party advertisers.
The information affected by the oversight includes everything from patient names, phone numbers, email addresses, birth dates, IP addresses, insurance information, appointment dates, treatment, and more. It may have even exposed the answers clients filled out as part of the mental health self-assessment on the company’s website and app.
It turns out that this information got out through its use of tracking pixels, which are bits of code Meta, TikTok, and Google allow developers to embed in their apps and websites. The Meta Pixel can collect data about a user’s activity on a website or app after clicking an ad on the platform.
Cerebral says that the exposed information could “vary” from patient to patient depending on several factors. However, they have assured users that no social security numbers, credit card numbers, or bank account information was exposed.
In response to this breach, Cerebral has disabled or removed any tracking pixels on their platform to prevent future exposures. They have also enhanced their information security practices and technology vetting processes. They are also required by law to disclose potential violations of HIPAA.
This incident follows similar incidents involving pixel-tracking tools. Last year for example, an investigation by The Markup found that some of the nation’s top hospitals were sending sensitive patient information to Meta through their tracking pixel. In addition to this incident, other online medical companies have received hefty fines from the FTC for sharing sensitive patient data with third parties earlier this year.
Cerebral is currently facing an investigation by the US Office for Civil Rights over whether or not they have violated HIPAA regulations. In addition to this they are also facing an investigation by the Department of Justice and the Drug Enforcement Administration over their prescribing of controlled substances.