"Telehealth provider Call-On-Doc, Inc., dba Call-On-Doc.com, advertises that it has 2 million active patients and treats 150+ medical conditions. It claims to be the most highly rated telehealth service, and it assures patients of "state-of-the-art" data security for their information. But if a post on a hacking forum is accurate, Call-On-Doc recently had a breach that may have affected more than one million patients."
"Three screenshots with rows of dozens of patients' information were included in the listing. An additional .txt file with information on 1,000 patients was also included. Inspection of the screenshots immediately raised concerns about the sensitive information they revealed. Although some appointments were visits for conditions such as strep infections or other medical conditions, a number of patient records were for the "STD" category (sexually transmitted disease), with the specific type of STD listed in the "Condition" field."
Call-On-Doc advertises 2 million active patients, treatment for 150+ conditions, and state-of-the-art data security. A hacking forum sales listing reportedly shows a December breach with 1,144,223 patient records exfiltrated. The listing included three screenshots and a .txt file containing data on 1,000 patients. Screenshots revealed sensitive details, including specific STD types listed in the Condition field. Call-On-Doc operates on a self-pay model and does not accept insurance, creating uncertainty about HIPAA applicability. Regardless of HIPAA status, state laws and the Federal Trade Commission can regulate and pursue enforcement for deceptive or unfair data-security practices.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]