Truepill Data Breach Exposes Personal Information of 2.3 Million Patients
Online pharmacy operator Truepill, also known as Postmeds, has begun notifying the more than 2.3 million patients affected by the cyberbreach.
A data breach at Truepill, which fulfills mail order prescriptions for pharmacies, has exposed the personal information of more than 2.3 million patients, according to the company, which is also known as Postmeds.
The cybersecurity incident involved patient information including their names, medication type and in some instances demographic information and/or their prescribing physician's name, according to a notice on the company's website. Truepill said it began to mail those affected by the incident on October 30.
The company did not immediately respond to requests for comment.
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
The incident is part of a growing list of cyber attacks in the healthcare sector, which has led to the exposure of personal information of millions of patients.
Truepill said that it discovered on August 31 that a bad actor gained access to a subset of files used for pharmacy management and fulfillment services. Following an immediate investigation, it determined that the files were accessed between August 30 and September 1.
In a filing on the Department of Health and Human Services’ breach portal, Postmeds said that 2.36 million individuals were impacted by the hack. The company said that it has enhanced “security protocols and technical safeguards” and is implementing training for its employees to prevent another incident.
"We also encourage affected individuals to regularly review their information for accuracy, as a best practice, including information they receive from their healthcare providers," the company said.
If you are a Truepill patient and have questions about the hack, the company says you can contact its confidential call center at 1-855-457-9143, Monday through Friday.
A “foreseeable and preventable” hack
A class action lawsuit over the incident has already been filed against PostMeds. The suit claims that the incident was “foreseeable and preventable” and was a direct result of the company's failure to implement adequate data security measures to safeguard information.
The hack and suit follow Truepill's settlement with the Drug Enforcement Administration (DEA). With the settlement, Truepill accepted responsibility for operating unregistered online pharmacy, filling prescriptions for certain controlled substances in excess of the 90-day limit, and filling prescriptions written by unlicensed medical professionals, the DEA said.
If you are or become a victim of a data breach, taking action within the first 48 hours can make a big difference in protecting your information, experts say. They recommend taking these seven actions right away.
Related Content
Get Kiplinger Today newsletter — free
Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more. Delivered daily. Enter your email in the box and click Sign Me Up.
Joey Solitro is a freelance financial journalist at Kiplinger with more than a decade of experience. A longtime equity analyst, Joey has covered a range of industries for media outlets including The Motley Fool, Seeking Alpha, Market Realist, and TipRanks. Joey holds a bachelor's degree in business administration.
-
Stock Market Today: Dow Logs Longest Losing Streak Since April
The November Producer Price Index showed that inflation remains a tough beast to tame.
By Karee Venema Published
-
Why Uber Stock Is Volatile After GM's Cruise Announcement
Uber stock is swinging this week following news that General Motors is restructuring its Cruise unit. Here's what you need to know.
By Joey Solitro Published