Original Article Text

Cerebral to pay $7 million settlement in Facebook pixel data leak case.

The U.S. Federal Trade Commission has reached a settlement with telehealth firm Cerebral in which the company will pay $7,000,000 over allegations of mishandling people's sensitive health data.

Cerebral is a remote telehealth company that provides online therapy and medication management for various mental health conditions, including anxiety, depression, ADHD, Bipolar Disorder, and substance abuse.

In March 2023, the company sent data breach notices to 3.2 million people who had interacted with its websites, applications, and services, informing them that their information had been exposed through the use of tracking pixels on its platform.

The FTC's complaint charges Cerebral and its former CEO, Kyle Robertson, with disclosing consumers' personal health information to third parties for advertising and not adhering to its cancellation policies.

"The complaint charges that Cerebral provided sensitive information of nearly 3.2 million consumers to third parties such as LinkedIn, Snapchat and TikTok by using or integrating tracking tools on its website or apps," reads the announcement.

"These tracking tools collect and send data to third parties so they can provide advertising, data analytics, or other services to the owner of the websites or apps."

The FTC's announcement also lists some alleged bad practices followed by Cerebral that resulted in varying levels of exposure of sensitive health data for consumers, including failure to revoke former employees' access to Cerebral patient records and failure to silo providers and restrict their access to only their own patients' records.

Moreover, the agency says the company used an insecure single sign-on method to access the patient portal and failed to restrict employee access to only the data needed for carrying out their job tasks.
The proposed order, pending court approval, includes the following provisions:

Former CEO Robertson, who is accused of ordering the removal of an "easy cancellation" button from Cerebral's site, has not agreed to a settlement, so the court will decide about his charges.

Daily Brief Summary

DATA BREACH // Cerebral Settles for $7M Over Health Data Exposure Incident

Cerebral, a telehealth company, will pay $7 million in a settlement concerning improper handling of sensitive health data of over 3.2 million users.

The FTC charged Cerebral with disclosing personal health information to third-party advertisers including platforms like LinkedIn, Snapchat, and TikTok.

The complaint highlighted the use of tracking pixels on Cerebral’s platforms that collected and transmitted user data to third parties primarily for advertising purposes.

Allegations also include Cerebral’s failure to adhere to proper access controls for both current and former employees, risking further data exposure.

Additionally, the FTC criticized the company's insecure single sign-on method for accessing its patient portal.

The settlement is pending court approval; Cerebral's former CEO Kyle Robertson has not yet agreed to the settlement terms and will face court decisions on his involvement.

The incident underscores the ongoing issues surrounding data privacy and security in the telehealth services sector.