Telehealth Startup Cerebral Shared Millions of Patients' Data With Advertisers (techcrunch.com) 42
Cerebral has revealed it shared the private health information, including mental health assessments, of more than 3.1 million patients in the United States with advertisers and social media giants like Facebook, Google, and TikTok. From a report: The telehealth startup, which exploded in popularity during the COVID-19 pandemic after rolling lockdowns and a surge in online-only virtual health services, disclosed the security lapse in a filing with the federal government that it shared patients' personal and health information who used the app to search for therapy or other mental health care services. Cerebral said that it collected and shared names, phone numbers, email addresses, dates of birth, IP addresses and other demographics, as well as data collected from Cerebral's online mental health self-assessment, which may have also included the services that the patient selected, assessment responses, and other associated health information.
And the fine for the HIPAA violations will be? (Score:2)
Six, seven, or 8 zeros in the fine?
Re:And the fine for the HIPAA violations will be? (Score:4, Insightful)
It will be nothing, because fining them would be a waste of time. If they are fined, they just declare bankruptcy and start over. Its not like this kind of website is hard to make.
Re:And the fine for the HIPAA violations will be? (Score:5, Insightful)
It should be treated like traffic in stolen goods - fine the companies that RECEIVED the data (and every company down the line so they can't play shell company games). They knew that millions of people didn't all just say "sure, share my sensitive personal information with whoever will pay for it".
Re:And the fine for the HIPAA violations will be? (Score:5, Interesting)
As a warning to other, their proverbial heads should be put on proverbial spikes. The company should be dismantled. The investors should lose their money. The employees should lose their jobs. Company officers should be fined and put on trial on penalty of imprisonment. And everyone who purchased or received this data and didn't delete it should be sued for damages and forced to delete it.
Re:And the fine for the HIPAA violations will be? (Score:5, Insightful)
Six, seven, or 8 zeros in the fine?
It shouldn't be a fine - it should be the death penalty for the company.
I mean that literally - the corporation should have all its assets seized and all pending payouts to investors wiped from the books. Pay off debts owed to other companies for goods and services they provided, close Cerebral's doors, and distribute what's left among the people whose privacy was callously raped. Bar all the c-levels from ever being company officers, and prosecute individuals as appropriate to the fullest extent of the new laws that need to be on the books to deal with these scum-sucking bottom-feeding parasites.
Re:And the fine for the HIPAA violations will be? (Score:4, Insightful)
Two problems with this. First, that would be an ex post facto law, which is unconstitutional. Second, we don't need new laws to deal with this, we only need to enforce the laws we already have. Passing more and more laws to punish the exact same acts is a waste of time, and only serves to make people think that the government has DONE SOMETHING, when nothing really changes.
Cost of doing business. (Score:5, Informative)
Re:Cost of doing business. (Score:5, Insightful)
The only mistake is that they got found out.
Re:Cost of doing business. (Score:5, Insightful)
Yep. And please, let's not call this a "security lapse" as in the original article. Exactly 0 people buy that. It's not something that happens without intent.
It's all a "cost of doing business". I can't recall a time in my life when any company got fined more money than they made by doing the bad/immoral/illegal thing.
Re:Cost of doing business. (Score:5, Interesting)
Yep. And please, let's not call this a "security lapse" as in the original article. Exactly 0 people buy that. It's not something that happens without intent.
It's all a "cost of doing business". I can't recall a time in my life when any company got fined more money than they made by doing the bad/immoral/illegal thing.
That's because the government, and regulators, are really only pissed off that somebody found a way to make money that they didn't think of first. Give them their cut? "Oh, guess it wasn't that big of a deal."
Re:Cost of doing business. (Score:5, Informative)
And this wasn't a company deciding to do this. People decided to do this.
C-level executives decided to do this. They will have taken their fat salaries for breaking the law and there probably won't be any consequences.
Re:Cost of doing business. (Score:5, Insightful)
Hey wait, I've been told here on slashdot that companies, such as Disney, have rights. The same rights real human beings have.
So companies should be able to suffer the same consequences as real people, too.
Jail and personally fine every C-level and board member. Guaranteed no company will consider this option ever again.
Re:Cost of doing business. (Score:4, Interesting)
Hey wait, I've been told here on slashdot that companies, such as Disney, have rights. The same rights real human beings have.
So companies should be able to suffer the same consequences as real people, too.
Jail and personally fine every C-level and board member. Guaranteed no company will consider this option ever again.
The supreme court ruled that corporations are people. That was probably one of the worst rulings in the court’s history. The only recourse now is an amendment to the constitution and good luck with that. I agree with you, jail everyone involved. Getting caught with an ounce of weed in Arizona would land you a harsher penalty.
Re:Cost of doing business. (Score:5, Funny)
The supreme court ruled that corporations are people.
A wise person once said: "I'll believe that corporations are people when Texas sentences one to death."
Re: (Score:2)
You got flagged as (funny) but it's true. Way too true.
Re: (Score:2)
It was a fucking horrible ruling. They can over turn Citizens United anytime they like, though, we don't require an amendment if they wake up or clarify that corporations are not people but -only- have the right to sign/enforce contracts which is what was supposed to be intended but went way too far in reality so now we have some folks who think companies should get other rights too like 1A. It's wildly fucking ridiculous.
But if it took an amendment then so be it. Corporations already have too much power
Re: (Score:2)
It may currently apply and they're welcome to bring it to court to fight for their alleged 1A rights.
The fact that a huge corporation has chosen to not go there at all and just suck it up instead and get taxed like every other corporation implies to me that their army of lawyers disagrees with you on their 1A rights as they apply to their run-in with DeSantis.
I'm gunna go with the army of Disney lawyers over the slashdot AC on this one.
Re: (Score:2)
Yeah how odd that they'd rather just bend over than fight for their "rights" for "unspecified many other reasons".
Re: (Score:2)
Lol, so 6+ messages later, all about Disney, you decided the fatal flaw in my argument was talking about Disney.
Omg, I am really lmao, dog is looking at me funny, wagging her tail hoping I haven't lost my shit. Gotta go give her a treat to celebrate your idiocy, AC.
Re: (Score:2)
My argument is fully supported. Corporations are a legal fiction. Corporations are not humans. Only humans have human rights, by definition.
Corporations are required by law to be sociopathic. And they're quite successfully adhering to their legal obligations.
I don't care if you return to this thread. You're an AC and you're wrong.
Page 17 of the EULA saids terms can change (Score:5, Interesting)
Re: (Score:2)
And we also have the concept in this country that certain rights can not be signed away.
Especially in some lame click through shrink wrap Eula.
If I put in my Eula that you have to give me your house and I'm going to fuck your wife in your bed anytime I want and you click through that when you install my stupid app, I'd have a hard time enforcing that.
Re: (Score:3)
Re: (Score:2)
As a lawyer, why in heaven's name would you not want to be involved in this? No matter what, you come out of fantastically enriched, unless you do something stupid like agree to be paid some percentage of awards. I would assume lawyers would LOVE this sort of convoluted battle.
Re: (Score:2)
Re: (Score:2)
The courts are unlikely to enforce their eula, either.
How much do you figure I'd get for *not* fucking the wife?
Maybe I should get out my Xcode tools again....
Re: (Score:2)
Re: (Score:2)
Ok ok this is getting too complicated. Just pay my legal fees and $50 for the not fuck and we can call it even.
Re: (Score:2)
Re: (Score:2)
My wife's pussy is priceless, yours, however appears to be subject by a court. :-)
Re: (Score:2)
Re: (Score:2)
It's slashdot. The humorless get offended by everything.
Take care.
Re: (Score:2)
I don't think you can waive your HIPPA rights ... The Govt passed the law. You can't sign something and wala some company is no longer bound by the law. Probably a slap on the wrist and minimal fine, and they promise to never do it again.
The rest of them just haven't been caught yet (Score:3)
We know they are all doing it, looking for ways to sell our information by using some kind of loophole in privacy laws.
business as usual (Score:2)
If you think any of the 3rd party health companies doing business with your providers, or the provides themselves, is any different, think again. The only difference is whether they have protected themselves legally.
This isn't the story. (Score:3)
The real interesting story is in a link found within this one.
https://ocrportal.hhs.gov/ocr/... [hhs.gov]