#[1]TechCrunch » Feed [2]TechCrunch » Comments Feed [3]TechCrunch »
  Telehealth startup Cerebral shared millions of patients' data with
  advertisers Comments Feed [4]alternate [5]alternate [6]alternate

Telehealth startup Cerebral shared millions of patients' data with
advertisers

  [7]Zack Whittaker [8]@zackwhittaker / 14 hours
  [GettyImages-1310031204.jpg?w=600]

  Cerebral has revealed it shared the private health information,
  including mental health assessments, of more than 3.1 million patients
  in the United States with advertisers and social media giants like
  Facebook, Google and TikTok.

  The telehealth startup, which exploded in popularity during the
  COVID-19 pandemic after rolling lockdowns and a surge in online-only
  virtual health services, disclosed the security lapse in a filing with
  the federal government that it shared patients' personal and health
  information who used the app to search for therapy or other mental
  health care services.

  Cerebral said that it collected and shared names, phone numbers, email
  addresses, dates of birth, IP addresses and other demographics, as well
  as data collected from Cerebral's online mental health self-assessment,
  which may have also included the services that the patient selected,
  assessment responses and other associated health information.

  The [9]full disclosure follows:

    If an individual created a Cerebral account, the information
    disclosed may have included name, phone number, email address, date
    of birth, IP address, Cerebral client ID number, and other
    demographic or information. If, in addition to creating a Cerebral
    account, an individual also completed any portion of Cerebral's
    online mental health self-assessment, the information disclosed may
    also have included the service the individual selected, assessment
    responses, and certain associated health information.

    If, in addition to creating a Cerebral account and completing
    Cerebral's online mental health self-assessment, an individual also
    purchased a subscription plan from Cerebral, the information
    disclosed may also have included subscription plan type, appointment
    dates and other booking information, treatment, and other clinical
    information, health insurance/pharmacy benefit information (for
    example, plan name and group/member numbers), and insurance co-pay
    amount.

  Cerebral was sharing patients' data with tech giants in real-time by
  way of trackers and [10]other data-collecting code that the startup
  embedded within its apps. Tech companies and advertisers, like Google,
  Facebook and TikTok, allow developers to include snippets of their
  custom-built code, which allows the developers to share information
  about their app users' activity with the tech giants, often under the
  guise of analytics but also for advertising.

  But users often have no idea that they are opting-in to this tracking
  simply by accepting the app's terms of use and privacy policies, which
  many people don't read.

  Cerebral said in its notice to customers -- buried at the bottom of its
  website -- that the data collection and sharing has been going on since
  October 2019 when the startup was founded. The startup said it has
  removed the tracking code from its apps. While not mentioned, the tech
  giants are under no obligations to delete the data that Cerebral shared
  with them.

  Because of how Cerebral [11]handles confidential patient data, it's
  covered under the U.S. health privacy law known as HIPAA. According to
  [12]a list of health-related security lapses under investigation by the
  U.S. Department of Health and Human Services, which oversees and
  enforces HIPAA, Cerebral's data lapse is the second-largest breach of
  health data in 2023.

  News of Cerebral's years-long data lapse comes just weeks after the
  U.S. Federal Trade Commission slapped GoodRx with a $1.5 million fine
  and [13]ordered it to stop sharing patients' health data with
  advertisers, and BetterHelp was ordered to [14]pay customers $8.5
  million for mishandling users' data.

  If you were wondering [15]why startups today should terrify you,
  Cerebral is just the latest example.

    [16]Today's startups should terrify you

  ____________________

References

  1. https://techcrunch.com/feed/
  2. https://techcrunch.com/comments/feed/
  3. https://techcrunch.com/2023/03/10/cerebral-shared-millions-patient-data-advertisers/feed/
  4. https://techcrunch.com/wp-json/wp/v2/posts/2497915
  5. https://techcrunch.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Ftechcrunch.com%2F2023%2F03%2F10%2Fcerebral-shared-millions-patient-data-advertisers%2F
  6. https://techcrunch.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Ftechcrunch.com%2F2023%2F03%2F10%2Fcerebral-shared-millions-patient-data-advertisers%2F&format=xml
  7. https://techcrunch.com/author/zack-whittaker/
  8. https://twitter.com/zackwhittaker
  9. https://www.documentcloud.org/documents/23702301-cerebral-breach
 10. https://techcrunch.com/2021/01/28/x-mode-location-google-apple-ban/
 11. https://techcrunch.com/2022/10/24/telehealth-unicorn-cerebral-lays-off-20-of-staff-for-operational-efficiencies/
 12. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
 13. https://techcrunch.com/2023/02/01/ftc-slaps-online-pharmacy-goodrx-for-sharing-users-health-data-with-facebook-and-google/
 14. https://techcrunch.com/2023/03/02/betterhelp-owes-customers-7-8m-after-ftc-alleges-data-mishandling/
 15. https://techcrunch.com/2023/03/08/startups-today-should-terrify-you/
 16. https://techcrunch.com/2023/03/08/startups-today-should-terrify-you/

You are viewing proxied material from 1436.ninja. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.