(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
The U.S. pharma company Pfizer mistakenly leaked private data of the country’s prescription drug users in a data breach caused due to unsecured cloud storage, according to cybersecurity firm vpnMentor.
The exposed data was related to conversations between Pfizer’s automated customer support software and people using its prescription drugs.
“By not protecting this data, Pfizer compromised the privacy and security of people using its medications, many of them already vulnerable due to poor health,” vpnMentor said in a blog post.
It added that Pfizer initially denied the importance of data and after vpnMentor sent a file with a sample of their customers’ personal identifiable information, the pharma giant secured the bucket and never replied to vpnMentor’s messages.
The folder that contained transcripts of conversations between drug users and company’s customer support software was named ‘escalations’. The company’s investigation showed that there were hundreds of transcripts while more were being uploaded.
Each transcript had personal data such as full names, address, phone number, and details of health and medical status. In addition to this, transcripts carried information related to products manufactured and sold by Pfizer, including many medicines used to treat various forms of cancer.
The cybersecurity firm also posted screenshots of the data and conversations exposed in its blog.
It cannot be known whether cybercriminals gained access to the data, but the sensitive information could be used to target those exposed with highly effective phishing campaigns such as fake prescription refills and identify fraud.
vpnMentor noted that while Pfizer isn’t liable under US laws that how dictate healthcare companies manage customer data, it still broke plenty of rules and best practices for handling sensitive medical data in the US.