3rd Party Risk Management , Breach Notification , Business Continuity Management / Disaster Recovery

Online Pharmacy Says Its AWS Portal Was Hacked

Incident, Discovered in Late September, Affected 105,000 Individuals
Online Pharmacy Says Its AWS Portal Was Hacked
Online pharmacy Ravkoo offers a health app providing users with access to prescription and other health information.

An online pharmacy is notifying tens of thousands of individuals that their personal information was potentially exposed in a data security incident involving the company's Amazon Web Services hosted portal.

See Also: On Demand | Defining a Detection & Response Strategy

In a Monday breach report filed to the Maine attorney general's office, Florida-based Ravkoo says 105,000 individuals, including 386 Maine residents, were affected by the incident, which was discovered in late September.

A report filed to New Hampshire's attorney general indicates 600 residents in that state were also affected.

Breach Details

In a breach notification posted on its website, Ravkoo says that a data security incident recently discovered on its AWS-hosted portal "may have resulted in the unintentional exposure of personal information."

Ravkoo uses AWS cloud services for online hosting of its prescription portal, the company says. "On Sept. 27, Ravkoo detected that this portal was the target of a cybersecurity attack. An unauthorized third party attempted to infiltrate the portal," the notification says.

Ravkoo’s forensic investigation subsequently revealed that certain prescription and health information could have been compromised, including full names, mail addresses, phone numbers and prescriptions, and "limited" medical information.

"Notably, we have found no evidence that any individual’s Social Security Number was accessed or compromised as Ravkoo does not maintain this information within the impacted portal," the notice says. "Further, Ravkoo does not have any evidence to indicate that any information involved in the incident has been or will be misused as a result of this incident."

Ravkoo reported the incident to the FBI and has also "increased security" of its AWS-hosted portal, the company says.

The company also is offering affected individuals complimentary, online credit monitoring services.

Ravkoo did not immediately respond to Information Security Media Group's request for additional information about the breach, including a request for comment on the accuracy of a report saying that an alleged hacker claims to have accessed the portal "using a hidden admin panel."

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.