Postmeds, doing business as 'Truepill' is sending notifications of a data breach informing recipients that threat actors accessed their sensitive personal information.
Truepill is a B2B-focused pharmacy platform that uses APIs for order fulfillment and delivery services for direct-to-consumer (D2C) brands, digital health companies, and other healthcare organizations across all 50 states in the U.S.
According to the U.S. Department of Health and Human Services Office for Civil Rights breach portal the incident incident impacts 2,364,359 people.
The far-reaching impact of the incident may lead to legal consequences as multiple class action lawsuits are being prepared across the country, arguing that the breach would have been prevented if Postmeds maintained a better security stance compatible with the industry guidelines.
Specifically, Postmeds is blamed for not encrypting sensitive healthcare information stored on its servers, which would significantly lessen the impact of a data breach.
The delay in notifying consumers may also be part of the possible lawsuits, as the firm took more than two months to inform affected persons.
Full article https://www.bleepingcomputer.com/news/security/pharmacy-provider-truepill-data-breach-hits-23-million-customers/
#Postmeds #Truepill #USA #databreach #yokdata #security #privacy #blog