CALL 916-777-7777
Youtube Facebook-f X-twitter Linkedin-in

Cerebral Inc. Data Breach

Posted on behalf of Arnold Law Firm in
NOTICE: If you received a NOTICE OF DATA BREACH letter from Cerebral Inc., contact the Arnold Law Firm at 916-777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.
Cerebral Inc. Data Breach On or about March 1, 2023, Cerebral Inc. (“Cerebral”) sent a Notice of Data Breach Letter (“Breach Letter”) to individuals (“victims”). The Breach Letter informed victims that Cerebral had been using “pixels” and “other similar technologies,” referred to as “Tracking Technologies,” which were made available to Google, Meta (Facebook), TikTok, and “other third parties” (“Third Parties”) on Cerebral’s platforms.” The Breach Letter informed victims that Cerebral discovered, on or about January 3, 2023, “it had disclosed certain information that may be regarded as protected health information (“PHI”) under HIPAA to certain Third-Party Platforms and some Subcontractors without having obtained HIPAA-required assurances” (“data breach”). According to the Breach Letter, depending upon a victim’s type of interaction with Cerebral, the data breach exposed victim’s name, phone number, email address, date of birth, IP address, client ID number, online mental health self-assessment (including selective service, assessment responses, and certain associated health information), subscription plan type, appointment dates and other booking information, treatment, clinical information, health insurance/pharmacy benefit information (possibly including, plant name/group member numbers,) and co-pay amount.  Even though Cerebral admits in Breach Letter that both PHI and other personally identifiable information (“PII”) were exposed, it assures victims the disclosed information did not include “your Social Security number, credit card information, or bank account information.” Cerebral Inc. is a mental health telemedicine company incorporated in Delaware, with its principal place of business located at 340 S. Lemon Ave. #9892, Walnut, California, 91789. It provides telehealth services to those experiencing depression, anxiety, ADHD, bipolar disorder, PTSD, insomnia, and other medical conditions. Cerebral also provides medication management, counseling, and therapy. Cerebral employs more than 4,500 people, and it generates approximately $600 million per year in revenue. The data of over 3.1 million individuals was compromised by this data breach. If you received a Breach Letter from Cerebral, you were impacted by the data breach. Cerebral has offered victims one year of Experian’s “Identity Works SM,” which is a credit monitoring and identity theft protection service.

WHAT INFORMATION IS INVOLVED?

According to Cerebral, the following information was exposed:
  • Name
  • Phone number
  • Email address
  • Date of birth
  • IP address
  • Client ID number subscription plan type
  • Appointment dates and other booking information
  • Treatment information
  • Clinical information
  • Health insurance/pharmacy information
  • Benefit information (possibly including, plant name/group member numbers,) and co-pay amount)
This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity. PHI is another form of PII, but it pertains specifically to your health care information, which is protected by state and federal law. Like non-medical PII, PHI can be used by identity thieves to engage in fraudulent activity using your identity. The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).

NOTICE: If you received a NOTICE OF DATA BREACH letter from Cerebral, Inc., contact the Arnold Law Firm at 916-777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

Settlement - $3,767,000

Truck Accident

A 20-year-old man who had been married for just 12 days left home on his way to work. He was driving on Pleasant Grove Road in Sutter County in the early morning when he came upon a slow-moving truck. As he pulled out to pass the truck, the truck driver turned left in front of him. The young man attempted to steer back into his lane but his vehicle struck an un-flagged piece of metal extending from the back of the truck. He died in the resulting crash.

Expert witnesses brought in by the Arnold Law Firm proved that the truck, owned and operated by a hauling firm, should never have been on the highway that morning. Specifically, the rear and side turn signals did not work and the rear-view mirror was in a poor state of adjustment at the time of the collision. As a result, the driver, who had failed to properly inspect the vehicle before setting out that morning, couldn’t see the young man’s vehicle as it attempted to pass.

The poor condition of the truck, its lack of maintenance and the manner in which it was operated were found to be substantial factors in causing the collision that killed the young man. The testimony also established that the man had been making a lawful pass at the lawful speed limit and acted reasonably when he attempted to avoid the collision.

The man’s 20-year-old widow was awarded $3,767,000.77, his parents were awarded $185,131 and the family was reimbursed $11,899 in funeral expenses. Though money is a poor substitute for a young man’s life, this verdict demonstrates that drivers who endanger the lives of others will be held accountable for their actions.