Cerebral, a telehealth startup that gained popularity in the early days of the pandemic, revealed this week that it shared the personal data of more than 3.1 million US patients with social media companies and advertisers, including Google, Meta and TikTok. As first reported TechCrunch (through the edge), a recently uploaded warning on Cerebral’s website reveals that the company had been using “pixels,” tracking scripts from companies like Goal offers third-party developers for advertising purposes to collect user data since it started operating in October 2019.
Following a recent review of its software, Cerebral “determines that it has disclosed certain information that may be regulated as protected health information under [the Health Insurance Portability and Accountability Act].” Among the data Cerebral shared were names, phone numbers, dates of birth and insurance information. In some cases, the company may also have exposed information it collected through mental health self-assessment patients completed to schedule counseling appointments and access other services. According to Cerebral, he did not disclose social security numbers, banking information or credit card numbers.
After learning of the oversight, Cerebral says it “disabled, reconfigured, and/or removed” the tracking pixels that caused the data exposure. “In addition, we have enhanced our information security practices and technology vetting processes to further mitigate the risk of sharing such information in the future.” The United States Department of Health and Human Services is investigating brain. News of the data exposure comes after the Federal Trade Commission fined discount drug app GoodRx $1.5 million for sharing patient information with Meta and Google. Earlier this month, the agency announced a $7.8 million settlement with online counseling company BetterHelp, saying it sought to ban the company from sharing health data for ad targeting.
