Cerebral Unintentionally Leaks Patient Data to Google, Meta, and TikTok

  • By Steven
  • Published: Mar 16, 2023
  • Last Updated: Mar 17, 2023

Cerebral is an online mental health company that's attempting to bring mental health care to patients around the country virtually. The company deals with tens of thousands of patients, and we've just learned that many of those patients may have had their information exposed to companies like Meta, Google, and TikTok. Cerebral is a startup company, and unfortunately, it isn't that unusual for startups to suffer from data issues such as this one. 

How Did the Attack Occur?

It isn't accurate to call this Cerebral data leak an cyber attack. The company was utilizing tracking tools from TikTok, Meta, and Google. Those tracking tools shared information with the companies that Cerebral isn't allowed to share. By trying to monitor its campaigns, it leaked confidential information protected by HIPAA and inadvertently damaged its reputation. It's unclear whether this will cause serious damage to the company or not, but it's a violation of its patients' trust, and the company will certainly suffer some reputation damage at the very least. 

What Information Was Viewed or Stolen?

Cerebral made the mistake of sharing information protected by HIPAA, such as mental health self-assessments, clinical information, and different treatments, as well as more generic email addresses, phone numbers, full names, IP addresses, and more. This information was all given to Meta, Google, and TikTok because of the tracking software used by Cerebral, and that's a serious violation that could hurt the company and that exposes the many patients that trusted the company. 

How Did Business Admit to the Breach?

Cerebral did as little as possible to make it known that this happened. The company put up a small notice on the bottom of its website that overviews the details of the March 2023 data leak. The details spell out all the issues, but few people are likely to see the disclosure because of how Cerebral put up the information. It's similar to the side effects posted on the medication infomercials. Clearly, Cerebral is trying to avoid shouting its mistake to the public. The company has taken immediate steps to avoid sharing this sort of information in the future, but the damage is already done to so many patients. 

What Will Become of the Stolen Information?

While it's unlikely that the three major companies with the user information will use it for fraud, there is no way to take the leaked data back from the organizations. They are free to utilize the medical data any way they like, and it could be used for advertising and other forms of monetary gain if the companies decide to do so. 

What Should Affected Parties Do in the Aftermath of the Breach?

Affected parties in the Cerebral fallout should reconsider whether or not they want to trust their medical information to other online companies, especially startups such as Cerebral. Startup companies are known for being bad at protecting customer data, and that's exactly the case in Cerebral's situation. Customers can take their business away from Cerebral if they feel strongly about the situation, but there aren't many other changes they have available to implement. 

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What You Need to Know about the Delta Dental Data Breach

What You Need to Know about the Delta Dental Data Breach

Delta Dental is a dental insurance provider serving over 90 million Americans. It offers coverage in all 50 states, Puerto Rico, and Washington, D.C. The company was established in 1966 in California as part of the Delta Dental Plans Association.

What You Need to Know about the Hot Topic Data Breach

What You Need to Know about the Hot Topic Data Breach

Hot Topic plays in the fashion, apparel, and shoe industry as a retailer of music-influenced apparel and accessories, such as jeans, tops, belts, dresses, pajamas, sunglasses, jewelry, and tees.

Google Voice Scams: What They Are and How to Stay Safe

Google Voice Scams: What They Are and How to Stay Safe

Google Voice scams continue to pose a risk for users of this service. Scammers continuously attempt to lure users into divulging their verification PIN code.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close