BetterHelp Shared Users’ Sensitive Health Data, FTC Says

The online counseling service BetterHelp has agreed to return $7.8 million to customers to settle with the Federal Trade Commission for sharing health data it had promised to keep private — including information about mental health challenges — with companies including Facebook and Snapchat. The proposed FTC order announced Thursday also limits how the California-based company may share consumer data in the future.

BetterHelp said the settlement was not an admission of wrongdoing and that the behavior for which it was sanctioned is standard for the industry.

Samuel Levine, director of the FTC’s Bureau of Consumer Protection, however, said BetterHelp betrayed consumers’ most personal health information for profit.

“When a person struggling with mental health issues reaches out for help, they do so in a moment of vulnerability and with an expectation that professional counseling services will protect their privacy,” Levine said in a statement. Levine called the proposed order “a stout reminder that the FTC will prioritize defending Americans’ sensitive data from illegal exploitation.”

The enforcement action follows a similar one on Feb. 1 in which telehealth and prescription drug discount provider GoodRx Holdings was assessed a $1.7 million penalty for sharing users’ personal health data with Facebook, Google and other third parties without their consent.

The FTC has made clear its intent to crack down on the trafficking of sensitive health data by businesses that are not strictly classified as health care providers and are thus not covered by HIPAA, the federal privacy rules that govern the health care industry.

BetterHelp provides online counseling, including services geared toward Christians, teens and the LGBTQ community. Customers interested in its services fill out questionnaires that ask for sensitive mental health information such as whether they have experienced suicidal thoughts and if they are on medication. They are then matched with counselors.

During the signup process, customers were promised BetterHelp would not use or disclose their personal health data except for limited purposes such as to provide counseling, the FTC said.

The company nevertheless revealed data including email and IP addresses and questionnaire information to Facebook, Snapchat, Criteo, and Pinterest for advertising purposes, the FTC said in its complaint. It also accused BetterHelp of misleading customers and the public in 2020 by falsely denying news reports that it had revealed customers’ personal data to third parties.

Under the proposed order, BetterHelp will provide partial refunds for customers who used the service from Aug. 1, 2017 until the end of 2020, the FTC said.

BetterHelp called the data-sharing practices for which it was sanctioned “industry-standard practice” that is “routinely used by some of the largest health providers, health systems, and healthcare brands.”

“Nonetheless, we understand the FTC’s desire to set new precedents around consumer marketing, and we are happy to settle this matter with the agency,” it added in a statement on its website.
