In recent months, online alcohol recovery startups Monument and Tempest have been receiving criticism for sharing the personal information and health data of their patients without their consent. In a statement, Monument admitted that it had shared patient data with advertisers without consent for years, but claimed that this practice had ceased as of March 2018. Critics argue that this practice is invasive and unnecessary, and that patients should have the ability to choose whether or not their details are shared.
In the notification filed with California’s attorney general, Monument confirmed that a data breach occurred in 2022, involving the extensive release of patient information by their use of third-party tracking systems developed by ad giants including Facebook, Google, Microsoft and Pinterest. The company estimated that over 143 million patients were impacted by this breach and saw their personal information including Names, addresses, dates of birth and partial medical records released online. While no details on how this data was obtained have been released yet, it is likely that hackers gained access to these tracking systems through vulnerabilityscanning activities or social engineering techniques.
To help keep track of how website visitors are interacting with their websites, many companies use small snippets of code called “web trackers.” These trackers often collect information such as the pages a visitor visits, how long they spend on each page, and which ads they click. Recently, two major tech companies confirmed that they were using web trackers: Google and Facebook. By sharing this information with these companies, website owners can understand which parts of their websites users find most interesting and useful. This allows them to improve the usability and design of their websites for future visitors.
All this information is valuable to companies looking to target their advertising to specific patient populations. By gathering and analyzing this data, doctors can identify patterns in the way patients consume alcohol, which can help them better prescribe treatment plans. In addition, analyses of patient survey responses can give manufacturers insight into what people want when it comes to alcohol products.
The Monument website states that the survey results are “protected” and “used only” by the care team. However, upon examination of the website’s source code, it appears that these results may be accessible to anyone with access to Monument’s database. This raises ethical questions about how much information the care team is able to access and use without consent or explanation.
The tech companies Monument and Tempest confirmed that they had shared patients’ sensitive data with advertisers since January 2020 and November 2017, respectively. Both companies claim to have removed the tracking code from their websites, but the data is still available to be accessed by third-party advertisers. The tech giants are not obligated to delete the data that was shared with them, meaning patients’ personal information remains vulnerable to being collected and used by third parties.
Some experts are saying that Monument and Tempest could be two of the most important new companies entering the tech sphere in a long time. Both companies have innovative products that could change the way we work and learn, and their impact on the industry is still being determined.
In light of recent healthcare data breaches, companies are starting to disclose the inadvertent sharing of patient data with third-parties by way of tracking technologies. This leak of personal and health information raises concerns about how secure our information really is, and how susceptible we are to hackers who could potentially access this data without our knowledge or consent.