Heimdal
article featured image

Contents:

Truepill data breach exposed sensitive information belonging to 2,364,359 people and risks multiple lawsuits.

The B2B-focused pharmacy platform discovered the incident on August 31, 2023. They promptly launched an investigation and took additional security measures to contain the incident.

However, they only began notifying the impacted people on October 30th.

The Truepill Data Breach Impact

After gaining unauthorized access, threat actors exfiltrated a series of sensitive data:

  • Customer`s full name
  • Medication type
  • Demographic information
  • Name of the prescribing physician

Although Social Security Numbers weren`t exposed – Truepill doesn`t collect that data – hackers still have enough details for social engineering campaigns. Identity theft and phishing campaigns are also a possibility.

In the notice, the company advised the affected customers to

regularly review their information for accuracy, as a best practice, including information they receive from their health care providers.

Source – Truepill notice

Why Do Customers Sue Truepill

Customers accuse Truepill of negligence and failure to comply with federal regulations. Reportedly, they already filed six proposed federal class action lawsuits against the pharmacy platform.

California’s data breach notification law requires organizations that collect personal data to notify impacted people if a data breach occurs.

Notification must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

Source – IT Governance USA

Customers claim Truepill handled their private data improperly and notified them too late regarding the data breach. Indeed, Truepill didn`t encrypt the healthcare information they stored on the servers. Additionally, it took the company two months from the moment they discovered the breach to warn the affected people.

 

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE