Cerebral Unintentionally Leaks Patient Data to Google, Meta, and TikTok

  • By Steven
  • Mar 16, 2023

Cerebral is an online mental health company that's attempting to bring mental health care to patients around the country virtually. The company deals with tens of thousands of patients, and we've just learned that many of those patients may have had their information exposed to companies like Meta, Google, and TikTok. Cerebral is a startup company, and unfortunately, it isn't that unusual for startups to suffer from data issues such as this one. 

How Did the Attack Occur?

It isn't accurate to call this Cerebral data leak an cyber attack. The company was utilizing tracking tools from TikTok, Meta, and Google. Those tracking tools shared information with the companies that Cerebral isn't allowed to share. By trying to monitor its campaigns, it leaked confidential information protected by HIPAA and inadvertently damaged its reputation. It's unclear whether this will cause serious damage to the company or not, but it's a violation of its patients' trust, and the company will certainly suffer some reputation damage at the very least. 

What Information Was Viewed or Stolen?

Cerebral made the mistake of sharing information protected by HIPAA, such as mental health self-assessments, clinical information, and different treatments, as well as more generic email addresses, phone numbers, full names, IP addresses, and more. This information was all given to Meta, Google, and TikTok because of the tracking software used by Cerebral, and that's a serious violation that could hurt the company and that exposes the many patients that trusted the company. 

How Did Business Admit to the Breach?

Cerebral did as little as possible to make it known that this happened. The company put up a small notice on the bottom of its website that overviews the details of the March 2023 data leak. The details spell out all the issues, but few people are likely to see the disclosure because of how Cerebral put up the information. It's similar to the side effects posted on the medication infomercials. Clearly, Cerebral is trying to avoid shouting its mistake to the public. The company has taken immediate steps to avoid sharing this sort of information in the future, but the damage is already done to so many patients. 

What Will Become of the Stolen Information?

While it's unlikely that the three major companies with the user information will use it for fraud, there is no way to take the leaked data back from the organizations. They are free to utilize the medical data any way they like, and it could be used for advertising and other forms of monetary gain if the companies decide to do so. 

What Should Affected Parties Do in the Aftermath of the Breach?

Affected parties in the Cerebral fallout should reconsider whether or not they want to trust their medical information to other online companies, especially startups such as Cerebral. Startup companies are known for being bad at protecting customer data, and that's exactly the case in Cerebral's situation. Customers can take their business away from Cerebral if they feel strongly about the situation, but there aren't many other changes they have available to implement. 

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Caesars Entertainment Gets Hacked, Exposing Countless Gamblers

Caesars Entertainment Gets Hacked, Exposing Countless Gamblers

Caesars Entertainment is one of the largest casino companies in the United States and is well-known for its loyalty program. The company serves countless customers in Las Vegas and elsewhere throughout the world.

Travel Technology Company Sabre Suffers a Vast Data Breach

Travel Technology Company Sabre Suffers a Vast Data Breach

Sabre is a huge technology company that serves as a powerful travel reservation system for many of the major hotels and airlines in the United States.

Weekly Cybersecurity Recap September 15

Weekly Cybersecurity Recap September 15

This week, data breaches were particularly bad, with attacks impacting travel technology giant Sabre, production giant Johnson and Johnson, and medical company Amerita.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address