PillPack LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

PillPack LLC, a subsidiary of Amazon Pharmacy, experienced a cybersecurity attack that affected the accounts of nearly 20,000 customers. The breach, which was reported on May 19, 2023, involved an unauthorized person using customer emails and passwords to log into PillPack customer accounts. Over 3,000 of these accounts contained prescription information. However, Social Security numbers and payment information were not compromised in the attack[4].

PillPack’s internal investigation confirmed that the emails and passwords used in the breach were not obtained from its website. The company believes that the customer login credentials were likely taken from other websites where customers used the same login information. After detecting suspicious activity, PillPack reset customer passwords and enabled multifactor authentication to prevent further unauthorized access. No evidence was found of any unusual activity within the affected accounts or of the information being misused[4][7].

The breach occurred between April 2 and April 6, with suspicious login attempts detected on April 3. For those users whose prescription information was accessed, the breach revealed information related to their PillPack prescriptions and the contact information for their prescribing providers[4].

This cybersecurity incident is part of a broader trend of increasing healthcare data breaches. In May 2023 alone, hacking/IT incidents accounted for 81.33% of all reported healthcare data breaches, affecting the protected health information of nearly 19 million individuals[17].

Citations:

  1. https://www.justice.gov/usao-nh/pr/pillpack-amazon-pay-300000-settle-alleged-controlled-substances-act-violations
  2. https://www.bbb.org/us/nh/manchester/profile/pharmacy/pillpack-llc-0051-92036011/accreditation-information
  3. https://www.complaintsboard.com/pillpack-b139701
  4. https://www.fiercehealthcare.com/health-tech/cybersecurity-attack-against-amazons-online-pharmacy-pillpack-exposed-user-health-data
  5. https://caselaw.findlaw.com/court/us-1st-circuit/2050782.html
  6. https://www.hcinnovationgroup.com/cybersecurity/news/13030867/44m-patient-records-breached-in-q3-2018-protenus-finds
  7. https://www.healthcaredive.com/news/Amazon-PillPack-data-breach/650876/
  8. https://www.classaction.org/media/turner-v-pillpack-inc_1.pdf
  9. https://www.hcinnovationgroup.com/clinical-it/news/13027956/first-in-georgia-childrens-healthcare-of-atlanta-gets-stage-7-honors
  10. https://www.pillpack.com/privacy-notice
  11. https://www.hcinnovationgroup.com/population-health-management/news/13029005/nihs-all-of-us-research-issues-initial-research-protocol
  12. https://www.classaction.org/media/williams-v-pillpack-llc.pdf
  13. https://wiki.alquds.edu/?query=Jeff_Bezos
  14. https://www.amazon.com/gp/help/customer/display.html?nodeId=GVUKSDLFD49P9GM2
  15. http://wanderlustfamilyadventure.com/cape-ann-road-trip/
  16. https://www.cnbc.com/2019/05/10/why-amazon-bought-pillpack-for-753-million-and-what-happens-next.html
  17. https://www.hipaajournal.com/may-2023-healthcare-data-breach-report/
Breach Submission Date May 19, 2023
Converted Entity Name PillPack LLC
Converted Entity Type Healthcare Provider
State NH
Individuals Affected 19,032
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes