Friday, July 4, 2025
  • Home
  • About Us
  • Disclaimer
  • Contact Us
  • Terms & Conditions
  • Privacy Policy
T3llam
  • Home
  • App
  • Mobile
    • IOS
  • Gaming
  • Computing
  • Tech
  • Services & Software
  • Home entertainment
No Result
View All Result
  • Home
  • App
  • Mobile
    • IOS
  • Gaming
  • Computing
  • Tech
  • Services & Software
  • Home entertainment
No Result
View All Result
T3llam
No Result
View All Result
Home Tech

Healthcare startups scramble to evaluate fallout after Postmeds knowledge breach hits tens of millions of sufferers

admin by admin
November 18, 2023
in Tech
0
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter


Greater than two million individuals throughout america will obtain discover that their private and delicate well being data was stolen earlier this yr throughout a cyberattack at Postmeds, the mother or father firm of on-line pharmacy startup Truepill.

For a few of these affected, it’s the primary they’re listening to of Postmeds, not to mention that the corporate misplaced their delicate private and well being data through the knowledge breach.

Information of the info breach additionally appeared to catch off-guard healthcare startups that beforehand relied on Postmeds to satisfy their clients’ prescriptions.

Postmeds, or Truepill, is a web based pharmacy achievement startup that fills prescriptions for big-name telehealth providers and different pharmacies, and mails drugs to their clients. Postmeds, via Truepill, has fulfilled prescriptions for purchasers of Folx, Hims, and GoodRx, and different widespread on-line telehealth startups which have emerged in recent times.

RelatedPosts

51 of the Greatest TV Exhibits on Netflix That Will Maintain You Entertained

51 of the Greatest TV Exhibits on Netflix That Will Maintain You Entertained

June 11, 2025
4chan and porn websites investigated by Ofcom

4chan and porn websites investigated by Ofcom

June 11, 2025
HP Coupon Codes: 25% Off | June 2025

HP Coupon Codes: 25% Off | June 2025

June 11, 2025

Even in case you’ve by no means heard of Postmeds, the corporate could have crammed certainly one of your prescriptions and dealt with your data. Truepill’s web site says it has delivered 20 million prescriptions to 3 million individuals since its founding in 2016.

Postmeds not too long ago instructed federal regulators in a legally required discover that 2.3 million people had their private data stolen within the breach. The corporate started sending written notices to affected people in early November.

Information breach “presents an enormous threat”

In its knowledge breach discover, Postmeds stated hackers stole a trove of delicate knowledge, together with affected person names and demographic data — similar to dates of beginning — the kind of prescribed drugs and the prescriber’s title. In some circumstances that data can infer the rationale for taking the medicine, which might embrace an individual’s extremely delicate medical data, similar to particulars about their psychological, sexual, and reproductive well being.

A few of those that acquired knowledge breach notification letters instructed TechCrunch that they had been unfamiliar with Postmeds and why the corporate had their data.

“Me and my accomplice additionally had overlapping occasions by which we had been each sufferers with Folx, however I by no means bought a letter,” a former Folx buyer, whose accomplice acquired an information breach notification, instructed TechCrunch.

Folx Well being is a telehealth firm that caters for the LGBTQIA+ neighborhood, with clinicians who can prescribe drugs that help gender-affirming care. Folx stated it beforehand used Truepill to satisfy buyer prescriptions.

When reached for remark by TechCrunch, Folx chief working officer Dana Clayton instructed TechCrunch: “Folx terminated its relationship with Truepill in November of 2022. We’re in contact with Truepill concerning the incident and are working to rapidly assess any potential influence to our members.”

“As soon as I bought my first package deal and noticed ‘Truepill’ on the field from Folx, I noticed, admittedly late on my half, that my knowledge had been despatched off to a corporation that I personally hadn’t entered a belief relationship with.” Former Folx buyer

“Like different healthcare firms, we ship prescriptions to a variety of pharmacies based mostly on member alternative, medicine availability, price, and different elements. Folx takes its members’ privateness critically and holds its companions to the strictest safety requirements,” stated Clayton. “Truepill’s knowledge breach has been a matter of appreciable disappointment and concern for us, and Folx is dedicated to holding our members knowledgeable as we study extra.”

The previous Folx buyer, who works in cybersecurity, instructed TechCrunch that the info breach “presents an enormous threat, particularly for a neighborhood that stands to lose a lot extra by having that knowledge compromised.”

Postmeds has not publicly commented past its knowledge breach discover. TechCrunch requested Postmeds chief govt Paul Greenall in an e-mail to offer an inventory of firms that Postmeds partnered with whose clients are affected. Greenall didn’t reply.

One other one that acquired an information breach notification letter stated they had been prescribed a steady glucose monitor a yr or so in the past by metabolic well being startup Ranges Well being, which depends on Truepill for fulfilling its clients’ prescriptions for blood glucose displays.

When contacted by TechCrunch, Ranges wouldn’t say if its clients in america are affected by the Postmeds breach.

Kate Burton-Barlow, representing Ranges by way of a third-party company, stated in an e-mail that Ranges “previously established a relationship with Truepill within the U.Okay. in anticipation of a future U.Okay. launch, however that launch has not taken place, so Ranges doesn’t have any U.Okay. clients that this might have affected.”

TechCrunch contacted a number of healthcare firms that relied on Truepill to dispense and mail drugs.

When reached for remark by TechCrunch, Hims spokesperson Khobi Brooklyn didn’t dispute that buyer knowledge was affected by the breach involving Truepill. The spokesperson wouldn’t say what number of Hims clients are affected, however famous that not all of Hims clients had their prescriptions crammed by Truepill.

“Buyer care and knowledge safety are high priorities at Hims & Hers, we’ve invested closely in each, and we’re happy with our document. Whereas this wasn’t a breach of our methods or knowledge, it’s a reminder to proceed to remain vigilant across the steps we take to safeguard our clients,” Brooklyn stated in an announcement.

Telehealth startup Cerebral, which supplies telehealth providers and prescription drugs for psychological well being situations, instructed TechCrunch that it has not had a enterprise relationship or shared affected person data with Truepill since 2022. “Thus far, we’ve got not seen any notification of a breach and we’ve got no purpose to consider that any Cerebral affected person’s [protected health information] has been impermissibly disclosed or accessed,” Cerebral spokesperson Brittney Henderson stated in an e-mail. (Cerebral individually disclosed earlier this yr that it had shared tens of millions of sufferers’ knowledge with advertisers for a number of years.)

A number of different pharmacies who labored with Truepill didn’t remark when contacted by TechCrunch previous to publication.

CostPlus, the lower-cost on-line pharmacy based by Mark Cuban, which depends on Truepill for delivery drugs to clients, didn’t reply to requests for remark. Cuban invested an undisclosed quantity in Truepill earlier in 2023.

Healthcare and prescription coupon big GoodRx depends on Truepill as its mail supply accomplice. GoodRx spokesperson Lauren Casparis didn’t reply to requests for remark.

TechCrunch realized that Nutrisense, a tech startup that supplies steady glucose displays by prescription, makes use of Truepill to satisfy some orders. Nutrisense chief govt Alex Skryl didn’t reply to an e-mail requesting remark.

The HIPAA connection

It’s not unusual for tech or healthcare firms to share affected person knowledge with different firms, similar to third-party or specialty pharmacies, to satisfy their providers.

U.S. healthcare suppliers, like docs places of work and pharmacies, and insurance coverage firms are topic to the well being privateness and safety guidelines set out within the Well being Insurance coverage Portability and Accountability Act, or HIPAA, which partially governs how healthcare suppliers ought to correctly handle affected person knowledge safety and privateness. Falling foul of HIPAA may end up in heavy fines.

However a number of telehealth startups aren’t thought of “lined entities” below HIPAA, and HIPAA typically doesn’t apply, as a result of the startups themselves don’t present care, slightly they join sufferers with healthcare suppliers.

As Shopper Studies notes, HIPAA “does lay out privateness guidelines for well being care suppliers and insurance coverage firms to observe after they deal with personally identifiable medical knowledge,” however the identical piece of data protected at a health care provider’s workplace “may be completely unregulated in different settings.”

Each Hims and Cerebral word of their privateness insurance policies that whereas state privateness legal guidelines could apply, HIPAA “doesn’t essentially apply to an entity or particular person just because there may be well being data concerned.” Firms saying they’re “HIPAA compliant” can imply that HIPAA doesn’t apply to them.

The U.S. doesn’t have a nationwide knowledge safety or privateness regulation, and as a substitute depends on a patchwork of state legal guidelines that change state-by-state. Most People stay in states which have little to no protections in opposition to the sharing of an individual’s data.

As an alternative, firms normally spell out how they deal with buyer or affected person knowledge of their privateness coverage, however aren’t obligated to reveal which particular firms they work with.

The 2 individuals, who acquired knowledge breach notification letters from Postmeds and spoke with us for this story, each criticized the businesses who issued their prescriptions for missing transparency about who their enterprise companions are and which of these companions would obtain their delicate private data.

“As soon as I bought my first package deal and noticed ‘Truepill’ on the field from Folx, I noticed, admittedly late on my half, that my knowledge had been despatched off to a corporation that I personally hadn’t entered a belief relationship with,” the previous Folx consumer instructed TechCrunch.

A number of threads on Reddit have feedback from individuals who acquired knowledge breach notifications from Postmeds, however aren’t certain which firm equipped Postmeds with their data.

“I simply bought this letter and I don’t know which physician this could even be via,” stated one particular person. “Additionally acquired this letter. No information of the corporate,” stated one other.

The breach is the most recent incident to befall the embattled Truepill.

Truepill underwent a number of rounds of layoffs in 2022, together with giant swaths of its product group and all of its U.Okay. workers. In September, Truepill co-founder Sid Viswanathan was pushed out of the corporate.

Earlier this month, Truepill settled with the U.S. Drug Enforcement Administration claims that it illegally allotted hundreds of prescriptions for managed substances, by which Truepill “accepted accountability for working an unregistered on-line pharmacy.”


Do you’re employed at a healthcare group that’s affected by the Postmeds/Truepill breach? You possibly can contact Zack Whittaker on Sign and WhatsApp at +1 646-755-8849 or by e-mail; you can even contact Carly Web page securely on Sign at +441536 853968 or by e-mail. You can too contact TechCrunch by way of SecureDrop.

Previous Post

High Tales: Apple to Help RCS, iPhone 16 Rumors, and Extra

Next Post

Samsung introduces Bixby Cricket in India

Next Post

Samsung introduces Bixby Cricket in India

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Categories

  • App (3,061)
  • Computing (4,401)
  • Gaming (9,599)
  • Home entertainment (633)
  • IOS (9,534)
  • Mobile (11,881)
  • Services & Software (4,006)
  • Tech (5,315)
  • Uncategorized (4)

Recent Posts

  • WWDC 2025 Rumor Report Card: Which Leaks Had been Proper or Unsuitable?
  • The state of strategic portfolio administration
  • 51 of the Greatest TV Exhibits on Netflix That Will Maintain You Entertained
  • ‘We’re previous the occasion horizon’: Sam Altman thinks superintelligence is inside our grasp and makes 3 daring predictions for the way forward for AI and robotics
  • Snap will launch its AR glasses known as Specs subsequent 12 months, and these can be commercially accessible
  • App
  • Computing
  • Gaming
  • Home entertainment
  • IOS
  • Mobile
  • Services & Software
  • Tech
  • Uncategorized
  • Home
  • About Us
  • Disclaimer
  • Contact Us
  • Terms & Conditions
  • Privacy Policy

© 2025 JNews - Premium WordPress news & magazine theme by Jegtheme.

No Result
View All Result
  • Home
  • App
  • Mobile
    • IOS
  • Gaming
  • Computing
  • Tech
  • Services & Software
  • Home entertainment

© 2025 JNews - Premium WordPress news & magazine theme by Jegtheme.

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analyticsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functionalThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessaryThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-othersThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performanceThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policyThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Save & Accept