The listings featured on this site are from companies from which this site receives compensation, and some are co-owned by our parent company. This influences the rank and manner in which listings are presented.
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Truepill Hit By Major Breach Affecting 2.3 Million

By Zane Kennedy, Former Cybersecurity Researcher. Published on 22nd November 2023.

Pharmacy provider Truepill, operating under Postmeds Inc., has notified 2.3 million individuals of a security incident that resulted in unauthorized access to their sensitive personal information. Truepill is a key B2B pharmacy platform for direct-to-consumer brands and healthcare organizations across the US.

Discovered on August 31, 2023, the breach allowed attackers to access data from August 30 to September 1, potentially exposing patients' full names, medication types, demographic information, and prescribing physicians' names. Social Security numbers were reportedly not included in the compromised data.

The breach has caused confusion among some recipients of the data breach notices, who claimed unfamiliarity with Truepill. This indicates a wider data-sharing network within the healthcare industry, raising questions about the overall transparency in its data sharing practices.

Multiple class-action lawsuits are in preparation, citing Postmeds' alleged negligence in failing to encrypt sensitive healthcare information and the delayed notification to affected individuals, which took over two months. During this period, some victims reported suspicious activities on their Venmo accounts and the appearance of their personal data on the dark web.

Criticism has also been leveled at Truepill’s notification letters for their vagueness, particularly the omission of details about the breach's occurrence and the lack of guidance on protecting against identity theft and targeted phishing scams. Those affected are now at a higher risk of both following the breach.

Truepill has pledged to enhance security protocols and employee cybersecurity awareness in response to the incident. Despite these efforts, the breach remains a critical example of the vulnerabilities present in digital healthcare data management.

Affected individuals are urged to be vigilant in monitoring medical bills and to not provide any personal information in response to unsolicited emails and messages.

This breach occurs in the context of Truepill's recent settlement with the U.S. Drug Enforcement Administration over allegations of unlawful prescription practices. The company agreed to revise its policies and undergo heightened compliance measures for four years.

Furthermore, the incident reflects a broader trend in healthcare data breaches. A Comparitech analysis reported 5,478 data breaches in medical organizations in the U.S. since 2009, affecting nearly 423 million medical records. The first half of 2023 saw 308 healthcare data breaches, with a record 40 million individuals affected.

About the Author

  • Zane Kennedy, Former Cybersecurity Researcher

Zane was a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provided readers with accurate and trustworthy news stories and articles. He aimed to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.
