We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Monument and Tempest Shared Patient Data with Advertisers

Monument and Tempest Shared Patient Data with Advertisers
Keira Waddell Published on 7th April 2023 Senior Writer

Alcohol recovery services, Monument and Tempest, have admitted to sharing patients’ private information with advertisers for several years without their consent. Monument disclosed in a filing with the California Attorney General that the tracking tools on their websites may have inadvertently shared sensitive information with advertisers. The data includes patients’ names, photos, dates of birth, email addresses, phone numbers, home addresses, insurance information, and more.

The breach has been attributed to the third-party pixel tracking tools included on its sites. Pixel trackers are snippets of code that are often embedded into websites, ads, or emails. They track users’ activities for both analytics and marketing purposes. However, the sensitive data gained was also shared with third-party advertisers, such as Google, Meta, Pinterest, and more.

Monument stated that the breach also potentially exposed patients’ answers to surveys concerning their alcohol consumption habits, which the company insisted was confidential and exclusively used by its care teams. It says the leak didn’t include social security numbers or credit card information, but it may have affected over 100,000 people.

Following the US government’s guidance to healthcare companies regarding the use of tracking pixels in late 2022, Monument discovered that its pixel tracking tools had been inadvertently exposing user information on its site since January 2020. On the Tempest site, this had been occurring since November 2017.

Although Monument claims to have stopped using "most" tracking tools in late 2022 and completely removed them from its websites by February 2023, third parties are not obliged to delete the information that was shared with them.

Monument CEO Mike Russell told the Verge that protecting patients’ privacy is a “top priority.” He also affirmed that the company has put “robust safeguards in place and will continue to adopt appropriate measures to keep data safe.”

The Monument and Tempest breaches come amidst a wave of recent data leaks involving online health services, like BetterHelp and Cerebral, which also involved pixel trackers. BetterHelp was directed by the FTC to pay $7.8 million due to accusations of sharing patient data with Facebook and Snapchat. Cerebral also recently confessed to having exposed the private information of more than 3.1 million patients to third-party advertisers such as Google, Meta, and TikTok.

About the Author

Keira is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.