Online Pharmacy Informs 105,000 Patients Regarding Cyberattack and Likely Theft of PHI

The digital pharmacy and health app developer Ravkoo based in Auburndale, FL has started sending notification letters to a number of patients regarding an unauthorized individual who viewed and potentially stole some of their sensitive personal information.

Ravkoo uses Amazon Web Services (AWS) for hosting its online prescription portal. The website had a cyberattack that was discovered on September 27, 2021. Upon finding of the security breach, Ravkoo took immediate steps to secure the site and engaged third-party cybersecurity specialists to help in the forensic investigation, mitigation, restoration, and remediation work.

The investigation affirmed the exposure of sensitive patient data, including names, phone numbers, addresses, selected prescription data, and limited medical information. Ravkoo stated the impacted site did not have any Social Security numbers, which are not kept in the breached portal. The forensic investigation found no evidence that indicated the misuse of data contained within the portal.

Ravkoo already submitted the cyberattack report to the Federal Bureau of Investigation (FBI) and is assisting with the inquiry. Ravkoo additionally has employed forensics professionals to evaluate the security of its AWS environment. Steps are now being done to enhance security to avoid other data breaches later on.

The data breach report has been sent to the Department of Health and Human Services’ Office for Civil Rights indicating that around 105,000 people were affected. Affected persons are being provided complimentary membership to Kroll’s online credit monitoring service as a safety measure, which comes with access to resolution services in case of identity theft.

The Intercept’s Micah Lee mentioned in a September 28, 2021 tweet that a hacker had professed responsibility for the attack on Ravkoo and stated the pharmacy website was easy to hack and required the use of a hidden admin website that any user is able to log in to and access patient information.

About Christine Garcia 1309 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA