DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Patient appointment booking service notifying patients of potential breach

Posted on May 17, 2016 by Dissent

Zocdoc, an online booking system for dental or medical appointments, is first notifying patients almost one year after they learned programming errors enabled providers to access patient information they should not have had access to.

In June, 2015, Zocdoc reportedly learned that a programming error had

allowed some past or current practice staff members to access the Provider Dashboard, and therefore potentially view your personal information, after their usernames were removed, deleted or otherwise limited.

Although the notification does not state exactly when the problem began, the metadata for the report to the California Attorney General’s Office puts the date at June 5, 2011.

There is no explanation as to why it took from June, 2015 until May, 2016 to notify those affected. Nor does the letter signed by Anna Elwood, VP of Operations, indicate whether HHS was notified of this breach.

Zocdoc states that the types of personal information that may have been accessed includes

name, email address, phone number, [“social security number, ”] appointment history (times and dates of your appointments) with that practice, and if previously provided to that practice by you via Zocdoc, additional information such as insurance member ID and other medical history.

As Zocdoc notes, those providers and their staff members who may have inappropriately viewed or accessed patient information, “had obligations regarding the secure and confidential handling of personal information.”

Those notified are being offered complimentary services with Experian ProtectMyID.

DataBreaches.net contacted Zocdoc via email to ask how many patients are being notified and whether they are notifying every patient going back to June, 2011, or only those where logs show their info was accessed.  They were also asked whether  HHS been notified of this breach and why it took Zocdoc  from June, 2015 until now to notify those affected.

Other than a cheery automated response, DataBreaches.net received no response by the time of this publication. This post will be updated if Zocdoc finds there’s “an opportunity to work together.” 🙂

No related posts.

Category: Business SectorExposureHealth DataOtherU.S.

Post navigation

← NC: Stolen Blue Ridge Surgery Center laptop was encrypted, but password was with it
UK: Cambridgeshire County Council’s data breach shockers – Big Brother Watch →

1 thought on “Patient appointment booking service notifying patients of potential breach”

  1. Jordana Ari says:
    May 17, 2016 at 7:55 pm

    Sounds more like stone cold silent response .i could be wrong but it doesn’t sound like any response is coming. .at least anytime soon l

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
  • Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier
  • Computer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach
  • Ministry of Defence data breach timeline
  • Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan
  • A year after cyber attack, Columbus could invest $23M in cybersecurity upgrades
  • Gravity Forms Breach Hits 1M WordPress Sites
  • Stormous claims to have protected health info on 600,000 patients of North Country Healthcare. The patient data appears fake. (2)
  • Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)
  • A Balancing Act: Privacy Issues And Responding to A Federal Subpoena Investigating Transgender Care
  • Here’s What a Reproductive Police State Looks Like
  • Meta investors, Zuckerberg to square off at $8 billion trial over alleged privacy violations
  • Australian law is now clearer about clinicians’ discretion to tell our patients’ relatives about their genetic risk
  • The ICO’s AI and biometrics strategy
  • Trump Border Czar Boasts ICE Can ‘Briefly Detain’ People Based On ‘Physical Appearance’

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.