Truepill, a digital health startup that provides pharmacy services to healthcare organizations, confirmed that hackers accessed the personal data of more than 2.3 million patients.
in Data breach notification Postmeds, the parent company behind TruePill, experienced a “cybersecurity incident” that allowed unnamed attackers to access files used to manage pharmacies and fulfillment services between August 30 and September 1, the company says on its website.
keep in touch
Do you have more information about the Truepill data breach? You can contact Carly Page securely on Signal on +441536 853968 or via email. You can also contact TechCrunch via SecureDrop.
The company’s investigation found that the files accessed contained sensitive customer information, including patient names, unspecified demographic information, the type of medication, and the name of the doctor who prescribed the patient. Truepill said Social Security numbers were not involved because the company does not receive that information.
Truepill confirmed that 2.3 million patients were affected, according to the required legal filing submitted to the company’s board of directors US Department of Health and Human Services Data Breach Reporting Portal. Truepill’s website says the company has served more than three million patients and filled 20 million prescriptions since its founding in 2016.
Truepill said it is working to strengthen its security protocols and roll out additional cybersecurity training for employees. The company did not say how its systems were hacked or what specific measures it has implemented to prevent future breaches, and a spokesperson did not respond to TechCrunch’s questions.
The data breach — news of which was first shared with affected individuals on October 30 — is already a topic Class action, which claims that the cybersecurity incident was a direct result of Postmeds’ failure to implement adequate data security measures to protect customer information. Specifically, the complaint accuses the company of not encrypting sensitive healthcare information stored on its servers.
Last week, Trubel The settlement was made with the US Drug Enforcement Administration Due to allegations that the pharmacy illegally dispensed thousands of prescriptions for controlled substances.
“Under this settlement, Truepill accepted liability for operating an unregistered online pharmacy, filling prescriptions for Schedule II controlled substances in excess of the 90-day limit, and filling prescriptions written by medical providers who did not have the required licenses, all in violation of “In compliance with federal law,” the DEA wrote in a Nov. 6 news release.