105,000 Patients Notified About Cyberattack and Potential Theft of PHI at Online Pharmacy

Health app developer Ravkoo and Auburndale, FL-based digital pharmacy and has begun alerting 105,000 clients that a portion of their sensitive personal data may have been breached and possibly obtained by someone who was not authorized to do so.

The portal on which Ravkoo hosts its online prescription portal on Amazon Web Services (AWS), was infiltrated as part of a targeted cyberattack that was first discovered on September 27, 2021. After the breach was first discovered the group move quickly to implement measures to safeguard the portal and external cybersecurity specialists were contracted to help with with the forensic investigation, mitigation, restoration, and remediation steps.

The official examination showed that sensitive patient data had been breached and may have been impacted, incorporating names, address details, phone information, detailed prescription data , and some medical data. Ravkoo said the infiltrated database did not include any Social Security information, which are not held in the impacted portal. The in-depth investigation did not find anything to suggest that any data on the has been improperly used to date.

Ravkoo has made the Federal Bureau of Investigation (FBI) aware of the breach and is helping out with the investigation. Ravkoo has also been assisting with forensics specialists to look into the security of its AWS environment. Measures are being implemented to enhance security to stop additional data breaches going forward.

The data breach has been made known reported to the Department of Health and Human Services’ Office for Civil Rights as impacting approximately as many as 105,000 people. Impacted  people are being given the chance to avail of free access to Kroll’s online credit monitoring service as a precautionary step, which includes access to resolution services should any further identity theft take place.

it was revealed by Micah Lee at The Intercept, said in a September 2021 tweet, that a cybercriminal took the blame for the the attack on Ravkoo and said the patient portal was “hilariously easy” to infiltrate and incorporated the use of a masked admin portal that any individual could access it and and download patient data.