On March 1, 2023, Cerebral Inc. (“Cerebral”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after learning that certain online tracking technologies called pixels used by the company resulted in the unauthorized disclosure of sensitive consumer information. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses, phone numbers, mental health assessment responses, insurance information and protected health information. After confirming that consumer data was leaked, Cerebral began sending out data breach notification letters to 3.1 million individuals who were impacted by the recent data security incident.
If you received a data breach notification from Cerebral Inc., it is essential you understand what is at risk and what you can do about it. As we’ve discussed in previous posts, a company’s inadvertent disclosure of sensitive consumer information may, in some cases, permit victims of a breach to pursue a legal claim in hopes of obtaining financial compensation from the company. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Cerebral data breach, please see our recent piece on the topic here.
What We Know So Far About the Cerebral Inc. Breach
The available information regarding the Cerebral Inc. breach comes from the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights, as well as a notice posted on the Cerebral Inc. website. According to these sources, back in October 2019, Cerebral began using various tracking technologies to better understand how users interact with the company’s website. However, on January 3, 2023, Cerebral learned that through the use of these tracking technologies, it had disclosed certain patient information without having first obtained authorization, as required under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
Upon discovering that sensitive consumer data was made available to an unauthorized party, Cerebral Inc. began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, phone number, mental health assessment response, insurance information and protected health information.
On March 1, 2023, Cerebral Inc. sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Cerebral Inc.
Founded in 2020, Cerebral Inc. is a mental health telemedicine company located in Walnut, California. The company offers telehealth services to those experiencing depression, anxiety, ADHD, bipolar disorder, PTSD, insomnia and others, providing patients with medication management, counseling, and therapy. Cerebral Inc. employs more than 4,500 people and generates approximately $660 million in annual revenue.
