Others · April 4, 2023

Alcohol recovery startups Monument and Tempest shared patients’ private data with advertisers

For years, online alcohol recovery toptechtrends.com/2020/05/11/people-are-in-the-fights-of-their-lives-with-alcohol-use-disorders-and-monument-wants-to-help/”>startups Monument and Tempest were sharing the personal information and health data of their patients with advertisers without their consent.

Monument, which acquired Tempest in 2022, confirmed the extensive years-long leak of patients’ information in a data breach notification filed with California’s attorney general last week, blaming their use of third-party tracking systems developed by ad giants including Facebook, Google, Microsoft and Pinterest.

In its disclosure, the companies confirmed their use of website trackers, which are small snippets of code that share information about visitors to their websites with tech giants, and often used for analytics and advertising.

The data shared with advertisers includes patient names, dates of birth, email and postal addresses and phone numbers, and membership numbers associated with the companies and patients’ insurance provider. The data also included the person’s photo, unique digital ID, what services or plan the patient is using, appointment information, and assessment and survey responses submitted by the patient, which includes detailed responses about a person’s alcohol consumption and used to determine their course of treatment.

Monument’s own website says these survey answers are “protected” and “used only” by its care team.

Monument confirmed that it shared patients’ sensitive data with advertisers since January 2020, and Tempest since November 2017. Both companies say they have removed the tracking code from their websites. But the tech giants are not obligated to delete the data that Monument and Tempest shared with them.

It’s not clear how many thousands of users Monument and Tempest have. Monument spokesperson Amanda Giddon did not respond to an email by TechCrunch requesting comment.

Monument and Tempest are the latest healthcare companies to disclose the inadvertent sharing of patient data with third-parties by way of tracking technologies. Last month, online mental health startup Cerebral confirmed it had exposed the personal and health information of toptechtrends.com/2023/03/10/cerebral-shared-millions-patient-data-advertisers/”>more than 3 million patients who signed up to its services because of a similar years-long leak of data to third-party advertisers.

toptechtrends.com/2023/03/10/cerebral-shared-millions-patient-data-advertisers/”>Telehealth startup Cerebral shared millions of patients’ data with advertisers

toptechtrends.com/2023/04/04/monument-tempest-alcohol-data-breach/”>Alcohol recovery startups Monument and Tempest shared patients’ private data with advertisers by toptechtrends.com/author/zack-whittaker/”>Zack Whittaker originally published on toptechtrends.com/”>TechCrunch

About The Author