PillPack LLC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
PillPack LLC, a subsidiary of Amazon Pharmacy, experienced a cybersecurity attack that affected the accounts of nearly 20,000 customers. The breach, which was reported on May 19, 2023, involved an unauthorized person using customer emails and passwords to log into PillPack customer accounts. Over 3,000 of these accounts contained prescription information. However, Social Security numbers and payment information were not compromised in the attack[4].
PillPack’s internal investigation confirmed that the emails and passwords used in the breach were not obtained from its website. The company believes that the customer login credentials were likely taken from other websites where customers used the same login information. After detecting suspicious activity, PillPack reset customer passwords and enabled multifactor authentication to prevent further unauthorized access. No evidence was found of any unusual activity within the affected accounts or of the information being misused[4][7].
The breach occurred between April 2 and April 6, with suspicious login attempts detected on April 3. For those users whose prescription information was accessed, the breach revealed information related to their PillPack prescriptions and the contact information for their prescribing providers[4].
This cybersecurity incident is part of a broader trend of increasing healthcare data breaches. In May 2023 alone, hacking/IT incidents accounted for 81.33% of all reported healthcare data breaches, affecting the protected health information of nearly 19 million individuals[17].
Citations:
- https://www.justice.gov/usao-nh/pr/pillpack-amazon-pay-300000-settle-alleged-controlled-substances-act-violations
- https://www.bbb.org/us/nh/manchester/profile/pharmacy/pillpack-llc-0051-92036011/accreditation-information
- https://www.complaintsboard.com/pillpack-b139701
- https://www.fiercehealthcare.com/health-tech/cybersecurity-attack-against-amazons-online-pharmacy-pillpack-exposed-user-health-data
- https://caselaw.findlaw.com/court/us-1st-circuit/2050782.html
- https://www.hcinnovationgroup.com/cybersecurity/news/13030867/44m-patient-records-breached-in-q3-2018-protenus-finds
- https://www.healthcaredive.com/news/Amazon-PillPack-data-breach/650876/
- https://www.classaction.org/media/turner-v-pillpack-inc_1.pdf
- https://www.hcinnovationgroup.com/clinical-it/news/13027956/first-in-georgia-childrens-healthcare-of-atlanta-gets-stage-7-honors
- https://www.pillpack.com/privacy-notice
- https://www.hcinnovationgroup.com/population-health-management/news/13029005/nihs-all-of-us-research-issues-initial-research-protocol
- https://www.classaction.org/media/williams-v-pillpack-llc.pdf
- https://wiki.alquds.edu/?query=Jeff_Bezos
- https://www.amazon.com/gp/help/customer/display.html?nodeId=GVUKSDLFD49P9GM2
- http://wanderlustfamilyadventure.com/cape-ann-road-trip/
- https://www.cnbc.com/2019/05/10/why-amazon-bought-pillpack-for-753-million-and-what-happens-next.html
- https://www.hipaajournal.com/may-2023-healthcare-data-breach-report/