Cerebral Inc. Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from Cerebral Inc., contact the Arnold Law Firm at 916-777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

Cerebral Inc. Data Breach On or about March 1, 2023, Cerebral Inc. (“Cerebral”) sent a Notice of Data Breach Letter (“Breach Letter”) to individuals (“victims”). The Breach Letter informed victims that Cerebral had been using “pixels” and “other similar technologies,” referred to as “Tracking Technologies,” which were made available to Google, Meta (Facebook), TikTok, and “other third parties” (“Third Parties”) on Cerebral’s platforms.” The Breach Letter informed victims that Cerebral discovered, on or about January 3, 2023, “it had disclosed certain information that may be regarded as protected health information (“PHI”) under HIPAA to certain Third-Party Platforms and some Subcontractors without having obtained HIPAA-required assurances” (“data breach”).

According to the Breach Letter, depending upon a victim’s type of interaction with Cerebral, the data breach exposed victim’s name, phone number, email address, date of birth, IP address, client ID number, online mental health self-assessment (including selective service, assessment responses, and certain associated health information), subscription plan type, appointment dates and other booking information, treatment, clinical information, health insurance/pharmacy benefit information (possibly including, plant name/group member numbers,) and co-pay amount.  Even though Cerebral admits in Breach Letter that both PHI and other personally identifiable information (“PII”) were exposed, it assures victims the disclosed information did not include “your Social Security number, credit card information, or bank account information.”

Cerebral Inc. is a mental health telemedicine company incorporated in Delaware, with its principal place of business located at 340 S. Lemon Ave. #9892, Walnut, California, 91789. It provides telehealth services to those experiencing depression, anxiety, ADHD, bipolar disorder, PTSD, insomnia, and other medical conditions. Cerebral also provides medication management, counseling, and therapy.

Cerebral employs more than 4,500 people, and it generates approximately $600 million per year in revenue. The data of over 3.1 million individuals was compromised by this data breach. If you received a Breach Letter from Cerebral, you were impacted by the data breach.

Cerebral has offered victims one year of Experian’s “Identity Works SM,” which is a credit monitoring and identity theft protection service.

WHAT INFORMATION IS INVOLVED?

According to Cerebral, the following information was exposed:

  • Name
  • Phone number
  • Email address
  • Date of birth
  • IP address
  • Client ID number subscription plan type
  • Appointment dates and other booking information
  • Treatment information
  • Clinical information
  • Health insurance/pharmacy information
  • Benefit information (possibly including, plant name/group member numbers,) and co-pay amount)

This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity.

PHI is another form of PII, but it pertains specifically to your health care information, which is protected by state and federal law. Like non-medical PII, PHI can be used by identity thieves to engage in fraudulent activity using your identity.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).

NOTICE: If you received a NOTICE OF DATA BREACH letter from Cerebral, Inc., contact the Arnold Law Firm at 916-777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.