Cerebral, a telemedicine start-up, has admitted to inadvertently sharing the private patient data of more than 3.1 million United States customers with social media giants like Facebook, Google, TikTok and more.
As reported by TechCrunch, Cerebral disclosed the lapse in a filling, and admitted that it shared the data of patients who used the app to look for mental health care services.
Also Read | Apple CEO Tim Cook pushes for mixed-reality launch despite warnings: Report
In the filing, Cerebral says that "if an individual created a Cerebral account," then it's likely their "name, phone number, email address, date of birth, IP address, Cerebral client ID number, and other demographic or information" were shared in the lapse.
In addition, if anyone used Cerebral's services to take the company's mental self-health assessment, then the information might also contain "the service the individual selected, assessment responses, and certain associated health information".
If, in addition to creating a Cerebral account, an individual also completed any portion of Cerebral’s online mental health self-assessment, the information disclosed may also have included "the service the individual selected, assessment responses, and certain associated health information".
Also Read | GPT-4 coming soon, may bring video, photo inputs to ChatGPT and Bing AI
It doesn't end there. If you were unlucky enough to buy Cerebral's subscription plans, then the company also shared "subscription plan type, appointment dates and other booking information, treatment, and other clinical information, health insurance/pharmacy benefit information (for example, plan name and group/member numbers), and insurance co-pay amount".
What makes it worse is that this data was being sent in real-time through ad trackers, cookies and other means that Cerebral had embedded within the app. The company said that the data collected dated back to 2019 and it has removed the trackers from its app.