DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

No evidence that Pharmacist.com hack involved patient records (updated)

Posted on June 9, 2012 by Dissent

As I had suggested previously in several tweets, those involved in the hack of Pharmacist.com may not have understood some of the data were that they acquired in the hack.  They certainly didn’t understand the nature of their target. In a statement disclosing the hack, reproduced on CyberWarNews.info, the hackers had written:

In an effort to make a mockery off of our friends inside of the US government we are releasing personal information and credit card details from government officials.

We strongly advice you to make your website more secure, because if we didn’t find this information, black hats would have…
We also found 16000 records of patients in ur www root folder! RU serious?!. We decided to filter out all non-governmental information, don’t worry, your information is safe.

A professional trade association is not a government entity and although some people employed by government may belong or be members, attacking trade organizations is not an attack on government.

And although the hackers claimed to have acquired 16,000 patients’ records that they did not dump in the torrent they released, I have not found any confirmation that any patient records were involved at all. Nor would it make any sense for a professional trade organization to have such information. The only type of personal info on patients that an organization like this might obtain would be if they had a forum or subdomain that allowed members of the public to ask questions, where some people might reveal some of their personal info in an attempt to get info or help. I don’t think that was the case in Pharmacist.com, however.

The association has released the following press release:

Memorial Day incident result of unauthorized data access

APhA today successfully restored its website, www.pharmacist.com. The website was accessed and defaced by an unknown and unauthorized individual or group on May 28, according to a May 31 statement to the media.

To show appreciation for its visitors, APhA made APhA DrugInfoLine (www.aphadruginfoline.com) available to everyone, in its entirety, until June 20, 2012.

“We thank our members for their patience during this trying time,” Thomas E. Menighan, BSPharm, ScD, MBA, APhA CEO/Executive Vice President, said. “We understand how important pharmacist.com is to our members in their search for pharmacy information, education, resources, and networking. APhA considers any unauthorized access to be serious, and has been working nonstop to ensure the website was secured and back online in a timely manner.”

As soon as APhA was notified of the incident, staff shut down pharmacist.com and its servers to protect the personal information of members, donors, and visitors. Law enforcement was notified, and APhA staff members began working with forensic experts and investigators to secure website data and member records. The team then developed a plan to reinstate service to its members and customers and to determine the full extent of the incident.

In a set of frequently asked questions (FAQs) posted today on the relaunched website, APhA said the unauthorized person(s) had obtained “some names, physical addresses, and email addresses” of pharmacist.com users. These were posted on a file-sharing website. To date, APhA’s forensic investigation has found no evidence of sensitive, personally identifiable information, such as credit card data, being accessed or used, but will continue to monitor and react appropriately. Because e-mail addresses were obtained, APhA encouraged members and other pharmacist.com users to be vigilant in watching for “phishing” e-mail messages that might ask them for sensitive, personal information. “APhA will never ask for your account password, credit card number, bank account number, login credentials, or any other personal information in an e-mail,” APhA said in the FAQs.

APhA elections, which began on May 23, were not affected by the pharmacist.com outage. Voting is conducted on a separate website, and votes were recorded accurately for members who cast ballots during the pharmacist.com outage. The electronic Voter’s Guide, which contains candidates’ information and statements, was not available when pharmacist.com was first taken down. Candidate information was later added to the election site, and balloting continued throughout this process uninterrupted.

On the advice of forensic consultants, APhA said that it has made further enhancements in the security measures used on pharmacist.com. “The nature of this investigation limits what we can say about the attack itself, and prudence dictates that we not publicize the measures being taken to prevent future attacks,” APhA noted in the online FAQs.

Sources

  • APhA news release on website attack
  • APhA news release on site restoration

Related resources on pharmacist.com

  • FAQs about relaunch of pharmacist.com

All that said, I would love to see a sample of the records the hackers think are patient ecords to see what kinds of information were involved. If Pharmacist.com has neglected to disclose that patient records were involved, that would be serious, but I do doubt that there were patient records involved.

Although the hack did disclose over 28,000 visitors, donor’s, or members’ email addresses and info, as far as data dumps go, this one is not particularly sensitive.  See Identity Finder’s analysis of the data dump, which matches what I had observed in going through the torrent.

Updated June 23: I received an email from one of the hackers, who included screen shots of the data records in the file they claim to have found in the root directory. As I suspected, the records are not patient records and contain no PHI or medical information. They appear to be more of contact information for 16,531 individuals who generally provided their professional addresses and contact information.  That said, I commend the hacker(s) for restraint in not dumping what they thought were patient records. Why these records were in a file in the root directory is not clear, but hopefully pharmacist.com has reviewed and fixed its security.

Related posts:

  • 700 sites hacked by Indian hackers as a revenge attack
  • Operation Anti Security Breakdown and targets, the full time line
Category: Breach IncidentsHackMiscellaneousU.S.

Post navigation

← AU: Privacy Commissioner finds Act breached by super fund
Does a Data Breach in the U.S. Require Notification in Europe? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.