时间:2025-09-17 01:01:00 来源:网络整理编辑:探索
Startups are notoriously bad at keeping our data safe. Cerebral — a telehealth startup that la
Startups are notoriously bad at keeping our data safe. Cerebral — a telehealth startup that launched into popularity during the early days of the coronavirus pandemic — has shared more than 3.1 million U.S. users' private health information with advertisers and social media platforms including Google, Meta, and TikTok.
In a disclosure first reported by TechCrunch, Cerebral said it used tracking technologies made available by third parties like Google, Meta, and TikTok. It's not uncommon for websites to use these kinds of tracking technologies for advertising and it's not uncommon for those practices to end in data breaches and, yes, even HIPAA violations.
That's just what Cerebral did: After reviewing its use of these technologies and data-sharing practices, the company "determined that it had disclosed certain information that may be regulated as protected health information under HIPAA" to some of those third parties. Cerebral may have accidentally given Google, Meta, and TikTok the personal information of its users such as names, phone numbers, email addresses, birthdays, IP addresses, results of their mental health self-assessments, treatments, and other clinical information.
"Upon learning of this issue, Cerebral promptly disabled, reconfigured, and/or removed the Tracking Technologies on Cerebral’s Platforms to prevent any such disclosures in the future and discontinued or disabled data sharing with any Subcontractors not able to meet all HIPAA requirements," Cerebral said in the disclosure. "In addition, we have enhanced our information security practices and technology vetting processes to further mitigate the risk of sharing such information in the future."
The company's notice to customers is not easy to find. You have to scroll all the way to the bottom of the websitewhere you'll find, in small font: "See herefor more information on the March 2023 HIPAA breach." The social media companies that now have access to this data do not have to delete it, even if the data from Cerebral's breach is supposed to be covered under the U.S. health privacy law HIPAA.
Cerebral is just one of the nearly 50 telehealth startups that shared user data with advertising platforms last year, according to a joint investigation by STAT and The Markup.
TopicsHealthPrivacy
Here's what 'Game of Thrones' actors get up to between takes2025-09-17 00:55
This cello cover of the 'Game of Thrones' theme might be the classiest we've heard2025-09-17 00:43
6 ways to push your online activism into the real world in the Trump era2025-09-17 00:18
Multiple agencies investigating if Russia paid hackers to undermine Clinton2025-09-17 00:09
Aly Raisman catches Simone Biles napping on a plane like a champion2025-09-16 23:38
Sir Ian McKellen sign was a Sir Patrick Stewart meme at Women's March2025-09-16 23:36
How Jadeveon Clowney went from draft bust to forceful freak of nature2025-09-16 22:51
Why more and more singles in China are renting partners2025-09-16 22:50
U.S. pole vaulter skids to a halt for national anthem2025-09-16 22:50
There's a club night especially for people over 40 and it's a dream2025-09-16 22:39
Watch MTV's Video Music Awards 2016 livestream2025-09-17 00:30
Trump didn't drain the swamp, he created these swamp monsters2025-09-17 00:24
Man and his shark best friend are quite the underwater power couple2025-09-17 00:07
The Grateful Dead played a beautiful private show ahead of 'Long Strange Trip' premiere2025-09-16 23:44
There's a big piece of fake chicken stuck to this phone case2025-09-16 23:39
Improved Apple Pencil 2 could launch with new iPad Pro2025-09-16 23:28
Woman eats two entire durian fruit because she couldn't bring them onto a train2025-09-16 23:12
As service closes, Viners send off their final farewells2025-09-16 23:08
This app is giving streaming TV news a second try2025-09-16 22:40
Here's some of the major newspaper front pages from Inauguration Day2025-09-16 22:26
