New York, April 5: Two US-based startups that focussed on counselling alcoholics have been, for years, sharing with advertisers their patients' personal information and health data without their consent, the media reported.
In a disclosure filed with California's attorney general last week, Monument and Tempest said that ad trackers of Facebook, Google, Microsoft and Pinterest led to leak of more than 100,000 patients' information, TechCrunch reported. Data Breach: FBI Admits ‘Malicious Cyber Incident’ on Its Computer Network.
The leaked data includes patient names, dates of birth, email and postal addresses, phone numbers and membership numbers associated with the companies and patients' insurance provider.
Alarmingly, it also included the person's photo, unique digital ID, which services or plan the patient is using, appointment information and assessment and survey responses submitted by the patient, which includes detailed responses about a person's alcohol consumption and used to determine their course of treatment, the report said. Data Breach: Google Fi Confirms Personal Data Stolen in Recent Cyberattack.
Launched in 2020, Monument is a tele-health service that provides access to prescription medication and therapies to combat alcohol use disorders. Tempest, acquired by Monument in 2022, focuses on curbing alcohol abuse.
According to Monument, it reviewed its use of ad trackers after the US government issued guidance to health companies about them in late 2022. Trackers are embedded into ads, websites, or emails to track information about what a user clicks or the forms they fill out, which then gets used by both parties to create tailored ads or better understand their user bases.
Monument, in its disclosure, confirmed that tracking tools had been exposing user information on its site since January 2020 and on Tempest as far back as November 2017. The companies said they have stopped using "most" tracking tools in late 2022 and "fully disconnected" them from their websites by February this year, the Verge reported. "Protecting our patients' privacy is a top priority," Monument CEO Mike Russell was quoted as saying to The Verge.
"We have put robust safeguards in place and will continue to adopt appropriate measures to keep data safe. In addition, we have ended our relationship with third-party advertisers that will not agree to comply with our contractual requirements and applicable law," he added.
Last month, online mental health startup Cerebral also confirmed it had exposed the personal and health information of more than 3 million patients who signed up to its services because of a similar years-long leak of data to third-party advertisers, the report said.
(The above story first appeared on LatestLY on Apr 05, 2023 06:26 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).