Telehealth startup Cerebral is under fire for reportedly sharing millions of patients’ data with advertisers. The company, which provides virtual mental health services, has been accused of violating patients’ privacy by sharing their sensitive medical information without consent.
According to a report by The Information, Cerebral shared data with a third-party advertising platform called AppsFlyer, which then passed it on to Facebook and Google for targeted advertising. The data reportedly included patients’ names, addresses, dates of birth, and mental health conditions.
The revelation has sparked outrage among privacy advocates and patients who trusted Cerebral to keep their medical information confidential. The startup has been criticized for not being transparent about its data-sharing practices and for failing to obtain patients’ explicit consent before sharing their information.
Cerebral, which has raised more than $157 million in funding, has apologized for the data breach and promised to take steps to prevent it from happening again. In a statement, the company said it had stopped sharing patient data with AppsFlyer and was conducting a review of its data practices.
“We take our patients’ privacy very seriously and are deeply sorry for any harm this may have caused,” Cerebral said. “We are committed to being transparent about our data practices and to earning back the trust of our patients.”
The company also said it had notified affected patients and was providing them with free credit monitoring services. However, the damage has already been done, and patients are now left wondering whether their sensitive medical information is being used for targeted advertising without their consent.
The incident highlights the growing concerns about privacy and data security in the telehealth industry, which has boomed during the COVID-19 pandemic. As more people turn to virtual healthcare services, there is a need for strict regulations and oversight to ensure that patients’ sensitive medical information is kept confidential.
Privacy advocates are calling for stricter regulations and penalties for companies that violate patients’ privacy. They argue that companies like Cerebral should be required to obtain patients’ explicit consent before sharing their medical information and should face harsh penalties for failing to do so.
The incident also underscores the importance of patient education and awareness about privacy and data security. Patients need to be informed about their rights and how their medical information is being used and shared, so they can make informed decisions about their healthcare providers.
In conclusion, the data breach at Cerebral is a wake-up call for the telehealth industry to prioritize patient privacy and data security. As more people turn to virtual healthcare services, it is crucial that companies take steps to protect patients’ sensitive medical information and earn their trust. Patients deserve to know that their medical information is being handled with care and respect, and that their privacy is being respected at all times.