U.S. online pharmacy Ravkoo has confirmed a data breach that may have led to customers’ personal health data being accessed.
This was after the company’s cloud prescription portal hosted by AWS was involved in a security breach.
Data breach notification letters sent to 105,000 affected customers on January 3 stated: “Ravkoo utilizes AWS cloud services for online hosting of its prescription portal. On September 27, 2021, Ravkoo detected that this portal was the target of a cybersecurity attack.”
Ravkoo said there was no evidence that customers’ social security numbers were accessed during the incident. This is likely because the company does not store SSN data on the affected prescription channel.
The company also said it had not yet found evidence that the information exposed during the breach had been misused.
The company has provided affected customers with one year of free online identity monitoring service from Krill Information Assurance.
One year of free identity monitoring will allow affected customers to resolve identity theft related to the data breach.
For more information, read the original story in BleepingComputer.