Over two million users hit by top US pharmacy provider data breach

Furthermore, the company, a business-to-business pharmacy platform that provides pharmacy product deliveries from businesses to customers across the US via APIs, also began sending out breach notifications to affected customers, allegedly stating that it discovered the unauthorized access on August 31 2023 - although subsequent investigation revealed a data breach the day before.

Lawsuits on the way?

As per the reports, the (yet) unidentified threat actors stole people’s full names, medication types, demographic information, and names of prescribing physicians. Social Security Numbers (SSN), payment data, or similar, were not taken. While that might sound like a silver lining, the fact remains that there is plenty of data here to run phishing or identity theft scams.

The breach already resulted in class-action lawsuits. The HIPAA Journal reported that the first lawsuit argued the company “failed to implement appropriate systems to prevent unauthorized access to patient data.” To make matters worse, this could be just one of many lawsuits to come Truepill’s way. BleepingComputer reported that some of the people who received data breach notifications never used the services and have no idea how the company obtained their data. The company also took too long to notify the affected individuals, which might also serve as grounds for a class-action lawsuit. 

Some regulations force businesses to disclose data breaches faster in order to protect consumers from possible social engineering attacks. It’s impossible to know how many emails, pretending to be sent from Truepill, people received in these past two and a half months.

Via BleepingComputer

More from TechRadar Pro

• A major online torrent service has suffered a major data breach - check if you're affected
• Here's a list of the best firewalls services today
• These are the best malware removal tools right now