Heimdal
Home > Cybersecurity News

Truepill Sued Over Data Breach Exposing 2.3 Million Customers

The Pharmacy Platform Is Blamed for Notifying Delay and Exposing Sensitive Data.

Last updated on November 15, 2023

article featured image

Contents:

Truepill data breach exposed sensitive information belonging to 2,364,359 people and risks multiple lawsuits.

The B2B-focused pharmacy platform discovered the incident on August 31, 2023. They promptly launched an investigation and took additional security measures to contain the incident.

However, they only began notifying the impacted people on October 30th.

The Truepill Data Breach Impact

After gaining unauthorized access, threat actors exfiltrated a series of sensitive data:

  • Customer`s full name
  • Medication type
  • Demographic information
  • Name of the prescribing physician

Although Social Security Numbers weren`t exposed – Truepill doesn`t collect that data – hackers still have enough details for social engineering campaigns. Identity theft and phishing campaigns are also a possibility.

In the notice, the company advised the affected customers to

regularly review their information for accuracy, as a best practice, including information they receive from their health care providers.

Source – Truepill notice

Why Do Customers Sue Truepill

Customers accuse Truepill of negligence and failure to comply with federal regulations. Reportedly, they already filed six proposed federal class action lawsuits against the pharmacy platform.

California’s data breach notification law requires organizations that collect personal data to notify impacted people if a data breach occurs.

Notification must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

Source – IT Governance USA

Customers claim Truepill handled their private data improperly and notified them too late regarding the data breach. Indeed, Truepill didn`t encrypt the healthcare information they stored on the servers. Additionally, it took the company two months from the moment they discovered the breach to warn the affected people.

 

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

Related Articles

Top 10 Healthcare Data Breaches [2022-2023]How to Prevent Identity Theft With 20 Essential Steps [Updated 2024]What Is Social Engineering?What Is a Data Breach and How to Prevent ItEnd-to-end Encryption (E2EE). What Is It and How It HelpsPhishing attacks explained: How it works, Types, Prevention and Statistics4 Examples of Data Encryption Software to Consider for Your Enterprise

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V