Healthcare Platform Cerebral Alerts 3.1 Million Users They Are At Risk Of Identity Theft Featured
Numerous class action lawsuits were recently launched after Mental health application platform provider Cerebral disclosed it experienced a data breach affecting around 3.17 million users. According to the lawsuit, data was leaked to third parties via a tracking pixel’s data logging feature. Cerebral estimates the data was leaked to third parties from October 12, 2019 to January 3, 2023.
Cerebral is a remote tele health company that provides online therapy and medication management for various mental health conditions, including anxiety, depression, ADHD, Bipolar Disorder, and substance abuse.
Due to a tracking pixel’s data logging features, Cerebral said the sensitive medical information of people who used the provider’s platform was exposed to third parties without the patient’s permission.
What Information Was Leaked and Who Was It Leaked To?
In a ‘Notice of HIPAA Privacy Breach’ published on Cerebral’s site this week, the company disclosed that they had been using invisible pixel trackers from Google, Meta (Facebook), TikTok, and other third party subcontractors on its online services since October 12, 2019.
Information obtained by third parties include:
- Full name
- Phone number
- Email address
- Date of birth
- IP address
- Cerebral client ID number
- Demographic information
- Self-assessment responses and associated health information
- Subscription plan type
- Appointment dates
- Treatment details and other clinical information
- Health insurance/ pharmacy benefit information
This information may have been leaked to third parties from October 12, 2019, through January 3, 2023, when the company realized that data was being exposed via tracking pixels.
Cerebral clarifies that no matter the level of user interaction with its platforms, their Social Security number, credit card information, and bank account information have not been impacted.
Should You Be Worried?
Given the information exposed in the breach, victims may be targeted for phishing attacks, either via email, or through spam SMS text message, a practice known as “smishing.”
Cerebral is offering one free month of credit monitoring for anyone at risk of identity theft and fraud, and has advised users to reset their passwords out of an abundance of caution.