FTC slaps penalty for leaking sensitive health data to Facebook

Cybersecurity Analysts Image

The Federal Trade Commission, also known as the FTC, recently announced a significant settlement with the health firm Cerebral, requiring the company to pay $7,000,000 for mishandling patient information and inadvertently sharing sensitive details with advertising companies, such as Facebook.

Delving into the specifics, Cerebral, a telehealth company specializing in providing medication and therapy for mental health conditions like anxiety, bipolar disorder, and palpitations, disclosed in March 2023 that data pertaining to 3.2 million of its customers, gathered through various websites, applications, and services, had been exposed to advertising firms through certain tracking tools like Facebook Pixels.

Further investigation revealed that Cerebral’s website was transmitting sensitive information to third-party platforms such as LinkedIn, Snapchat, and TikTok, potentially allowing these platforms to utilize the data for targeted advertising, even for patients who had opted out of such campaigns.

The incident underscores the critical importance of data security and privacy in building trust with website users. When businesses engage in practices that involve selling data to promotional firms, it jeopardizes user trust and drives away web traffic, as privacy becomes paramount.

For companies heavily reliant on data, prioritizing investments in securing user or patient data is essential before considering growth and expansion. It’s imperative to avoid any data analytics collaborations with advertising agencies, as demonstrated by past scandals like the Facebook Cambridge Analytica debacle, which serve as stark reminders of the risks involved.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display