Truepill, a digital well being startup that gives pharmacy success providers for healthcare organizations, has confirmed that hackers accessed the private information of greater than 2.3 million sufferers.
In a data breach discover printed on its web site, the corporate says Postmeds, the father or mother firm behind TruePill, skilled a “cybersecurity incident” that allowed unnamed attackers to achieve entry to information used for pharmacy administration and success providers between August 30 and September 1.
Get in contact
Do you could have extra details about the Truepill data breach? You may contact Carly Web page securely on Sign at +441536 853968 or by e-mail. You too can contact information.killnetswitch through SecureDrop.
The corporate’s investigation discovered that the accessed information contained delicate buyer info, together with affected person names, unspecified demographic info, medicine kind, and the title of the affected person’s prescribing doctor. Truepill stated Social Safety numbers weren’t concerned, as the corporate doesn’t obtain this info.
Truepill confirmed 2.3 million sufferers had been affected in keeping with a required authorized submitting submitted to the U.S. Division of Well being and Human Companies’ data breach reporting portal. Truepill’s web site says the corporate has served greater than three million sufferers and delivered 20 million prescriptions because it was based in 2016.
Truepill stated it was enhancing its security protocols and rolling out further cybersecurity coaching for workers. The corporate didn’t say how its methods had been compromised or what particular measures it has carried out to forestall future breaches, and a spokesperson didn’t reply to information.killnetswitch’s questions.
The data breach — information of which was first shared with impacted people on October 30 — is already the topic of a class-action lawsuit, which alleges that the cybersecurity incident was a direct results of Postmeds’ failure to implement sufficient information security measures to safeguard buyer info. Particularly, the grievance accuses the corporate of not encrypting delicate healthcare info saved on its servers.
Final week, Truepill settled with the U.S. Drug Enforcement Administration over allegations the pharmacy illegally disbursed hundreds of prescriptions for managed substances.
“With this settlement, Truepill has accepted accountability for working an unregistered on-line pharmacy, filling prescriptions for Schedule II managed substances in extra of the 90-day restrict, and filling prescriptions written by medical suppliers who didn’t have the required licenses, all in violation of federal regulation,” the DEA wrote in a press launch on November 6.