U.S. pharma giant suffers data breach, exposes private data of drug users

The exposed data was related to conversations between Pfizer’s automated customer support software and people using its prescription drugs.

October 22, 2020 05:59 pm | Updated 06:12 pm IST

The U.S. pharma company Pfizer mistakenly leaked private data of the country’s prescription drug users in a data breach caused by unsecured cloud storage, according to cybersecurity firm vpnMentor.

The exposed data was related to conversations between Pfizer’s automated customer support software and people using its prescription drugs.

“By not protecting this data, Pfizer compromised the privacy and security of people using its medications, many of them already vulnerable due to poor health,” vpnMentor said in a blog post.

It added that Pfizer initially denied the importance of the data, and that after vpnMentor sent a file with a sample of its customers’ personally identifiable information, the pharma giant secured the bucket and never replied to vpnMentor’s messages.

The folder that contained transcripts of conversations between drug users and the company’s customer support software was named ‘escalations’. The company’s investigation showed that there were hundreds of transcripts while more were being uploaded.

Each transcript had personal data such as full names, addresses, phone numbers, and details of health and medical status. In addition, the transcripts carried information related to products manufactured and sold by Pfizer, including many medicines used to treat various forms of cancer.

The cybersecurity firm also posted screenshots of the data and conversations exposed in its blog.

It cannot be known whether cybercriminals gained access to the data, but the sensitive information could be used to target those exposed with highly effective phishing campaigns such as fake prescription refills and identity fraud.

vpnMentor noted that while Pfizer isn’t liable under US laws that dictate how healthcare companies manage customer data, it still broke plenty of rules and best practices for handling sensitive medical data in the US.
