We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Cerebral Shared Patient Data with Google, Meta, TikTok

Cerebral Shared Patient Data with Google, Meta, TikTok
Author Image Zane Kennedy
Zane Kennedy Published on 16th March 2023 Cybersecurity Researcher

Cerebral has admitted to sharing sensitive information of over 3.1 million patients with Google, Meta, TikTok, and other third-party platforms.

The disclosure from the telehealth startup was made in a notice posted on the company's website, revealing that "On January 3, 2023, Cerebral determined that it had disclosed certain information that may be regulated as protected health information (“PHI”) under HIPAA to certain Third-Party Platforms and some Subcontractors without having obtained HIPAA-required assurances."

The shared information included patients' names, phone numbers, email addresses, birth dates, IP addresses, health insurance information, appointment dates, treatments, and other clinical information. It may have even exposed customer answers to mental health self assessments on the company's website and app.

Worryingly, the tech giants that have previously accessed and stored Cerebral user data do not have to delete it, despite this sensitive information being covered by HIPAA.

It was revealed that the company had been using tracking technologies, such as those created by Google, Meta, and TikTok, since they launched in October 2019. These trackers collected information regarding Cerebral users and shared it with the aforementioned tech giants for analytics and advertising purposes.

The disclosure further stated that: "Upon learning of this issue, Cerebral promptly disabled, reconfigured, and/or removed the Tracking Technologies on Cerebral's Platforms to prevent any such disclosures in the future and discontinued or disabled data sharing with any Subcontractors not able to meet all HIPAA requirements. In addition, we have enhanced our information security practices and technology vetting processes to further mitigate the risk of sharing such information in the future".

The Department of Health and Human Services is conducting an official investigation into this user privacy violation at Cerebral. This isn’t the first time Cerebral has been under the microscope — an investigation was launched by the U.S. Federal Trade Commission in June 2022 to examine suspicions that Cerebral had engaged in deceptive or unfair practices related to the advertising or marketing of mental health services.

About the Author

Zane is a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provides readers with accurate and trustworthy news stories and articles. He aims to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.