Bleeping Computer has reported that Winnipeg based online pharmacy PlanetDrugsDirect has suffered a breach. While there are no details yet on how they were breached, PlanetDrugsDirect has issued a security notification to customers saying, "Our investigation to date indicates that your exposed data may include your name, address, e-mail address, phone number, medical information including prescription(s), and payment information." PlanetDrugsDirect also added that at this time, there is not evidence that passwords have been compromised. Customers are being asked to monitor their bank and credit card accounts for suspicious activity.
PlanetDrugsDirect is a company with over 400,000 customers in Canada and the US. The company is a member of the Canadian International Pharmacy Association (CIPA), an industry association of licenced pharmacies. It remains to be seen what kind of fallout will come from this breach, but Howard Solomon of IT World Magazine has reported that its home page displays an error message as well as the statement, “This website is using a security service to protect itself from online attacks.” In addition, Solomon states that “the site offered a 1-888 number for customers to call for information. (On Friday) morning when the number was dialed from Toronto a recorded message said it was not available from that calling area.” Could this be the end of this business?
Perhaps one of the scariest things about this type of breach is the health information that was breached. Robert Capps, vice-president of market innovation for Vancouver-based NuData Security, a Mastercard company, told Solomon “All this data could provide cybercriminals with enough information to craft fake email messages reminding them of a refill, for example, to trick victims into ordering prescription refills from untrusted sources – of fake ones.” Capps also added, “Healthcare information has become increasingly valuable to cybercriminals, and there is a real risk that this and other stolen data could be used by an attacker to access a consumer’s healthcare organization. Healthcare organizations need to mitigate the damages of such breaches by verifying users by their online behaviour instead of the credentials that have been stolen by cybercriminals.”
Healthcare information is vital to our society and must be protected. If you need help protecting your data, contact Uzado today.