Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    No One Knows How Online Pharmacy Company was Hit with a Data Breach Impacting 2.3 Million Customers

    healthcare-data-breachThis is a cautionary tale of both how your data can legally end up in the hands of an organization you never intended and how victims can be largely left in the dark post-breach.

    Normally when there’s a press release from an organization hit by a data breach, there are at least a few details that let customers know the company has a handle on what transpired, that the breach has been mitigated, and what customers impacted should do to protect themselves.

    But in the latest data breach by online pharmacy order fulfillment company Postmeds (doing business as Truepill), the data breach notification was anything but helpful. Personal details including “name, medication type, and in some instances, demographic information and/or prescribing physician name” were included in the breach.

    A Bleeping Computer article about the breach discusses how affected customers are wondering how Truepill even had their information. As it turns out Postmeds is the fulfillment organization for a number of online pharmacies and health insurance providers, so some customer details obviously must be shared.

    There is virtually no detail on what the initial actions were that led to the data breach, with the exception of the statement around how they plan to enhance their state of security:

    “…we are increasing awareness of cybersecurity threats through additional employee training.”

    One could infer from this that a user falling for a social engineering scam via phishing or the web could be the means of initial access into the Truepill network. If that was indeed the case, we wholeheartedly support the notion of requiring users to take part in new-school security awareness training as a means to shore up that aspect of their cybersecurity stance.

    KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

     

    Return To KnowBe4 Security Blog

    Request A Demo: Security Awareness Training

    products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

    Request a Demo!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/kmsat-security-awareness-training-demo

    Topics: Social Engineering, Phishing, Security Culture

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews