TechRadar
Sead Fadilpašić

Over two million users hit by top US pharmacy provider data breach


Truepill, formerly known as Postmeds, suffered a data breach that resulted in sensitive data on more than 2.3 million patients being stolen. 

The US Department of Health and Human Services Office for Civil Rights breach portal listed Truepill (or rather Postmeds) as being under investigation for a data breach that affected a total of 2,364,359 people. 

Furthermore, the company, a business-to-business pharmacy platform that provides pharmacy product deliveries from businesses to customers across the US via APIs, also began sending out breach notifications to affected customers, allegedly stating that it discovered the unauthorized access on August 31, 2023, although a subsequent investigation revealed a data breach the day before.


Lawsuits on the way?

As per the reports, the as-yet unidentified threat actors stole people’s full names, medication types, demographic information, and names of prescribing physicians. Social Security numbers (SSNs), payment data, and similar information were not taken. While that might sound like a silver lining, the fact remains that there is plenty of data here to run phishing or identity theft scams.

The breach already resulted in class-action lawsuits. The HIPAA Journal reported that the first lawsuit argued the company “failed to implement appropriate systems to prevent unauthorized access to patient data.” To make matters worse, this could be just one of many lawsuits to come Truepill’s way. BleepingComputer reported that some of the people who received data breach notifications never used the services and have no idea how the company obtained their data. The company also took too long to notify the affected individuals, which might also serve as grounds for a class-action lawsuit. 

Some regulations force businesses to disclose data breaches faster in order to protect consumers from possible social engineering attacks. It’s impossible to know how many emails, pretending to be sent from Truepill, people received in these past two and a half months.

Via BleepingComputer
