More Patient Data Exposed Through Tracking Pixels

Alcohol Recovery Startups Monument and Tempest Shared Patients' Private Data With Advertisers

upstart writes:

Alcohol recovery startups Monument and Tempest shared patients' private data with advertisers:

For years, online alcohol recovery startups Monument and Tempest were sharing the personal information and health data of their patients with advertisers without their consent.

Monument, which acquired Tempest in 2022, confirmed the extensive years-long leak of patients' information in a data breach notification filed with California's attorney general last week, blaming their use of third-party tracking systems developed by ad giants including Facebook, Google, Microsoft and Pinterest.

In its disclosure, the companies confirmed their use of website trackers, which are small snippets of code that share information about visitors to their websites with tech giants, and often used for analytics and advertising.

The data shared with advertisers includes patient names, dates of birth, email and postal addresses and phone numbers, and membership numbers associated with the companies and patients' insurance provider. The data also included the person's photo, unique digital ID, what services or plan the patient is using, appointment information, and assessment and survey responses submitted by the patient, which includes detailed responses about a person's alcohol consumption and used to determine their course of treatment.

Monument's own website says these survey answers are "protected" and "used only" by its care team.

Read more of this story at SoylentNews.