BreachExchange mailing list archives
Online Pharmacy Says Its AWS Portal Was Hacked
From: Terrell Byrd <terrell.byrd () riskbasedsecurity com>
Date: Fri, 7 Jan 2022 10:16:07 -0500
https://www.healthcareinfosecurity.com/online-pharmacy-says-its-aws-portal-was-hacked-a-18259 An online pharmacy is notifying tens of thousands of individuals that their personal information was potentially exposed in a data security incident involving the company's Amazon Web Services hosted portal. In a Monday breach report filed to the Maine attorney general's office, Florida-based Ravkoo says 105,000 individuals, including 386 Maine residents, were affected by the incident, which was discovered in late September. A report filed to New Hampshire's attorney general indicates 600 residents in that state were also affected. Breach Details In a breach notification posted on its website, Ravkoo says that a data security incident recently discovered on its AWS-hosted portal "may have resulted in the unintentional exposure of personal information." Ravkoo uses AWS cloud services for online hosting of its prescription portal, the company says. "On Sept. 27, Ravkoo detected that this portal was the target of a cybersecurity attack. An unauthorized third party attempted to infiltrate the portal," the notification says. Ravkoo’s forensic investigation subsequently revealed that certain prescription and health information could have been compromised, including full names, mail addresses, phone numbers and prescriptions, and "limited" medical information. "Notably, we have found no evidence that any individual’s Social Security Number was accessed or compromised as Ravkoo does not maintain this information within the impacted portal," the notice says. "Further, Ravkoo does not have any evidence to indicate that any information involved in the incident has been or will be misused as a result of this incident." Ravkoo reported the incident to the FBI and has also "increased security" of its AWS-hosted portal, the company says. The company also is offering affected individuals complimentary, online credit monitoring services. Ravkoo did not immediately respond to Information Security Media Group's request for additional information about the breach, including a request for comment on the accuracy of a report saying that an alleged hacker claims to have accessed the portal "using a hidden admin panel."
_______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Online Pharmacy Says Its AWS Portal Was Hacked Terrell Byrd (Jan 10)