Postmeds, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Postmeds, Inc., doing business as Truepill, experienced a significant data breach that was detected on August 31, 2023. The breach allowed an unauthorized third party to gain access to files used for pharmacy management and fulfillment services between August 30 and September 1, 2023. The compromised data included patient names, medication types, demographic information, and prescribing physician names for over 2.3 million individuals[1][2][4][6][10][11][12].
Truepill is a digital pharmacy provider that fulfills mail-order prescriptions for customers of various online healthcare companies. The company began notifying affected individuals by mail on October 30, 2023, and reported the incident to the Texas Attorney General on October 31, 2023[1][2]. Social Security numbers were not compromised as Truepill does not collect this information[4].
In response to the breach, Truepill has enhanced its security protocols and provided additional cybersecurity training to its workforce[4]. However, the incident has led to multiple class action lawsuits alleging that Truepill failed to adequately protect sensitive data and lacked the necessary preventative measures against such security breaches[1][2][4][5][7][8][13]. The lawsuits claim that the plaintiffs and class members have been placed at significant risk of identity theft and other forms of harm, and that these risks will persist indefinitely[4].
Affected individuals are urged to be vigilant by monitoring their financial accounts, credit reports, and medical bills for any unauthorized activity and to be cautious of unsolicited communications asking for personal information[2]. They may also be entitled to compensation or other remedies and are encouraged to contact law firms that are investigating or have filed lawsuits regarding the breach[1][8].
The breach has highlighted the importance of robust cybersecurity defenses and the need for companies handling personal health information to invest in stringent data protection protocols[2].
Citations:
- https://www.prnewswire.com/news-releases/privacy-alert-online-pharmacy-truepill-also-known-as-postmeds-faces-class-action-investigation-for-data-breach-impacting-over-2-3-million-prescription-records-302007287.html
- https://dataconomy.com/2023/11/14/postmeds-inc-data-breach/
- https://milberg.com/cases/
- https://www.hipaajournal.com/postmeds-truepill-sued-over-2-3-million-record-data-breach/
- https://www.law360.com/articles/1765848/postmeds-slapped-with-another-suit-over-data-breach
- https://news.bloomberglaw.com/privacy-and-data-security/postmeds-hit-with-lawsuit-over-data-breach-affecting-2-4-million
- https://www.law360.com/articles/1764099/online-pharmacy-failed-to-keep-patient-data-safe-suit-says
- https://potterhandy.com/postmeds-data-breach-lawsuit
- https://www.forhers.com/terms-and-conditions
- https://www.turkestrauss.com/2023/11/01/postmeds-data-breach-investigation/
- https://www.fiercehealthcare.com/health-tech/digital-pharmacy-startup-truepill-confirms-hackers-accessed-health-data-23m-users
- https://www.cpomagazine.com/cyber-security/postmeds-digital-pharmacy-truepill-confirms-data-breach-impacting-2-3-million-patients/
- https://topclassactions.com/lawsuit-settlements/privacy/data-breach/postmeds-class-action-alleges-data-breach-compromised-customer-personal-health-info/