Home > Tech

Telehealth startup gave private health information to Google, Meta, TikTok, and more

Hello, HIPAA violation!
By Christianna Silva  on 
Share on Facebook Share on Twitter Share on Flipboard
A person with a mask on looking at their phone while a dark figure looms over their shoulder.
Who has access to your health data? Credit: Mashable illustration / Vicky Leta

Startups are notoriously bad at keeping our data safe. Cerebral — a telehealth startup that launched into popularity during the early days of the coronavirus pandemic — has shared more than 3.1 million U.S. users' private health information with advertisers and social media platforms including Google, Meta, and TikTok.

In a disclosure first reported by TechCrunch, Cerebral said it used tracking technologies made available by third parties like Google, Meta, and TikTok. It's not uncommon for websites to use these kinds of tracking technologies for advertising and it's not uncommon for those practices to end in data breaches and, yes, even HIPAA violations.

That's just what Cerebral did: After reviewing its use of these technologies and data-sharing practices, the company "determined that it had disclosed certain information that may be regulated as protected health information under HIPAA" to some of those third parties. Cerebral may have accidentally given Google, Meta, and TikTok the personal information of its users such as names, phone numbers, email addresses, birthdays, IP addresses, results of their mental health self-assessments, treatments, and other clinical information. 

Mashable Light Speed
Want more out-of-this world tech, space and science stories?
Sign up for Mashable's weekly Light Speed newsletter.
By signing up you agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
SEE ALSO: Everything you need to know about the TikTok ban in the U.S.

"Upon learning of this issue, Cerebral promptly disabled, reconfigured, and/or removed the Tracking Technologies on Cerebral’s Platforms to prevent any such disclosures in the future and discontinued or disabled data sharing with any Subcontractors not able to meet all HIPAA requirements," Cerebral said in the disclosure. "In addition, we have enhanced our information security practices and technology vetting processes to further mitigate the risk of sharing such information in the future."

The company's notice to customers is not easy to find. You have to scroll all the way to the bottom of the website where you'll find, in small font: "See here for more information on the March 2023 HIPAA breach." The social media companies that now have access to this data do not have to delete it, even if the data from Cerebral's breach is supposed to be covered under the U.S. health privacy law HIPAA.

Related Stories

Cerebral is just one of the nearly 50 telehealth startups that shared user data with advertising platforms last year, according to a joint investigation by STAT and The Markup.

Topics Health Privacy

Mashable Image
Christianna Silva
Senior Culture Reporter

Christianna Silva is a Senior Culture Reporter at Mashable. They write about tech and digital culture, with a focus on Facebook and Instagram. Before joining Mashable, they worked as an editor at NPR and MTV News, a reporter at Teen Vogue and VICE News, and as a stablehand at a mini-horse farm. You can follow them on Twitter @christianna_j.

Recommended For You
What is TikTok Lite and why is the EU concerned about it?
By Shannon Connellan
The TikTok Lite logo
[Update] T-Mobile, AT&T, Sprint, Verizon slapped with $200M fine — here’s what the FCC says they illegally did with your data
By Matt Binder
User holding iPhone
TikTok sues the U.S. government over ban
By Elena Cavender
A phone displaying the TikTok logo in front of the White House.
Drone footage shows the devastating floods in Rio Grande do Sol
By Teodosia Dobriyanova
Drone footage shows an urban road submerged under water. Caption reads: "Devastating floods"
A batch of updates from Meta puts AI front and center when you use its apps
By Cecily Mauran
Meta logo on a smartphone in front of a background that reads AI
Trending on Mashable
NYT Connections today: See hints and answers for May 12
By Mashable Team
A phone displaying the New York Times game 'Connections.'
NYT Connections today: See hints and answers for May 13
By Mashable Team
A phone displaying the New York Times game 'Connections.'
'Wordle' today: Here's the answer hints for May 12
By Mashable Team
a phone displaying Wordle
'Wordle' today: Here's the answer hints for May 13
By Mashable Team
a phone displaying Wordle
An aurora will light up in unusual places as solar storm rages
By Elisha Sauers
Indiana seeing an aurora borealis
The biggest stories of the day delivered to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up. See you at your inbox!