The Federal Trade Commission (FTC) reached a settlement with online mental health services company Cerebral. The charges stemmed from Cerebral's failure to secure and protect sensitive customer health data.
Cerebral, known for its online platform that connects patients with mental health professionals, allegedly failed to implement proper safeguards for user information. This included sensitive data like names, medical and prescription histories, home addresses, and even diagnoses.
The FTC complaint further accuses Cerebral of sharing this information with third-party vendors for advertising purposes, despite assurances to the contrary in their privacy policy. Additionally, the company reportedly allowed former employees to access user medical records for months after their termination.
The settlement compels Cerebral to pay $7 million and enforces stricter data protection measures. This includes limitations on how the company can use or disclose sensitive consumer data and a requirement to provide a clear and easy method for users to cancel services.
This incident highlights the importance of data security in the healthcare industry, particularly for companies dealing with sensitive mental health information.