Cerebral, an emotional health care provider, recently announced that their platforms may have unintentionally exposed the protected health information (PHI) of over 3.1 million individuals through the use of third-party tracking technologies.
Cerebral has been using tracking technologies since 2019, but after learning that some of the data shared with the third-parties also included PHI, it disabled, reconfigured, or removed them. Additionally, the sharing of data with all subcontractors that did not meet all HIPAA requirements was promptly disabled.
Depending on factors such as individuals’ use of Cerebral platforms, the nature of subcontracted services, and the configuration of the tracking technologies and data capturing platforms, various amounts of personal information were exposed to third-parties. This could include names, phone numbers, email and IP addresses, birth dates, Cerebral client ID numbers, and other information.
If the individuals also completed portions of Cerebral’s online mental health self-assessment or purchased a subscription plan from Cerebral, details on the service, the assessment responses, treatments, health insurance/pharmacy benefit information, other clinical information, and insurance co-pay amounts were also exposed.
Cerebral is notifying individuals who fell into any of these categories, even if they did not become a Cerebral patient or provide any information beyond what was necessary to create a Cerebral account. It also recommends that impacted individuals reset their Cerebral account passwords and adjust their privacy settings on Facebook, Google, and other online platforms.
To conclude, emotional healthcare provider Cerebral recently disclosed that more than 3.1 million individuals might have had their protected health information (PHI) inadvertently exposed. Although the company has disabled, reconfigured, or removed the tracking technologies, and sharing of data with subcontractors that did not meet all HIPAA requirements, a variety of personal information might have been exposed to third-parties. Cerebral is urging impacted individuals to reset their passwords and adjust their privacy settings.
Key Points:
- Emotional healthcare provider Cerebral recently disclosed that over 3.1 million individuals might have had their protected health information (PHI) inadvertently exposed.
- Cerebral has disabled, reconfigured, or removed the tracking technologies, and sharing of data with subcontractors that did not meet all HIPAA requirements.
- A variety of personal information might have been exposed to third-parties, including names, phone numbers, email and IP addresses, birth dates, Cerebral client ID numbers, and other information.
- Cerebral is urging impacted individuals to reset their passwords and adjust their privacy settings.