Cerebral is a telehealth company that helps connect patients with mental health professionals from around the country. The provider works with tens of thousands of patients and manages a great deal of health information as a result. The company accidentally disclosed some information protected by HIPAA and has just made the issue known to its patients.
The Cerebral breach occurred because the company was utilizing data tracking tools that made too much information available to its subcontractors. Some companies working with Cerebral were able to see more health information about the company's patients than what is approved by HIPAA standards. While there isn't a likely risk of identity theft from the data disclosed, it's still important for patients to be aware that their information is out there more than they might have realized.
The Cerebral data breach has been an issue since October 12, 2019, when new tracking solutions were installed on the company's systems. It wasn't until January 3, 2023, that the company realized it was disclosing more information than it was allowed to. That means that for more than three years, patient data has been being leaked to subcontractors that deal with the company.
This Cerebral breach impacts current and past patients that have used the service. If you entrusted your data to the organization, some of it might have been shared with subcontractors that don't have a right to see it. No financial data, credit card information, or Social Security numbers were shared by this mistake. If you want to avoid this issue in the future, you can block cookies from the Cerebral website and erase your current cookies to prevent the site from having access to as much data.
The Cerebral data leak affects hundreds of thousands of cookie files offered by patients working with the network. The files contain limited health data, but they might still be a concern to some patients, particularly worried about their privacy.