Telehealth startup Cerebral has admitted to inadvertently sharing the sensitive information of more than 3.1 million patients with advertisers including Google, Meta and TikTok. Cerebral said it had exposed data including patient names, phone numbers, email addresses, birth dates, IP addresses, insurance information, appointment dates, treatment details and more through its use of tracking pixels, or codes embedded in its app and website that help track a user’s activity. The breach may also have exposed responses from users filling out mental health self-assessment forms. Cerebral said the data exposed was different for each user. It promises to notify affected users, and said it has enhanced its information security practices to prevent future exposures after discovering the breach.
Under the Health Insurance Portability and Accountability Act (HIPAA), which bars healthcare providers from divulging patient information to anyone other than the patient or those explicitly approved by them, Cerebral is legally obliged to publicly disclose the breach. The US Office for Civil Rights is investigating the breach, which is reminiscent of an investigation in 2021 that revealed some of the country’s leading hospitals were sending sensitive patient information to Meta through its pixel. The story sparked two class-action lawsuits against Meta, the hospitals and the companies involved, alleging they violated medical privacy laws.
While the exposure of such sensitive data as medical, financial and personal information raises concern for patients or users of telemedicine apps, it has also posed serious legal issues for the service providers. Companies like BetterHelp and GoodRx are among those that have recently been slapped with huge fines from the US Federal Trade Commission (FTC) over allegations of sharing users’ data with unauthorized third parties. Meanwhile, Cerebral is facing a Department of Justice and Drug Enforcement Administration investigation over whether it illegally prescribed controlled substances like Adderall and Xanax to patients. Since the investigation, Cerebral has stopped prescribing these medications.
As the push to develop telemedicine and telehealth services grows in the US and around the world, so have controversies over the protection of patient information. Cybersecurity issues and data breaches continue to fuel widespread anxiety over retaining user confidence and trust in medical services that depend on digital connections.