DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Patient appointment booking service notifying patients of potential breach

Posted on May 17, 2016 by Dissent

Zocdoc, an online booking system for dental or medical appointments, is first notifying patients almost one year after they learned programming errors enabled providers to access patient information they should not have had access to.

In June, 2015, Zocdoc reportedly learned that a programming error had

allowed some past or current practice staff members to access the Provider Dashboard, and therefore potentially view your personal information, after their usernames were removed, deleted or otherwise limited.

Although the notification does not state exactly when the problem began, the metadata for the report to the California Attorney General’s Office puts the date at June 5, 2011.

There is no explanation as to why it took from June, 2015 until May, 2016 to notify those affected. Nor does the letter signed by Anna Elwood, VP of Operations, indicate whether HHS was notified of this breach.

Zocdoc states that the types of personal information that may have been accessed includes

name, email address, phone number, [“social security number, ”] appointment history (times and dates of your appointments) with that practice, and if previously provided to that practice by you via Zocdoc, additional information such as insurance member ID and other medical history.

As Zocdoc notes, those providers and their staff members who may have inappropriately viewed or accessed patient information, “had obligations regarding the secure and confidential handling of personal information.”

Those notified are being offered complimentary services with Experian ProtectMyID.

DataBreaches.net contacted Zocdoc via email to ask how many patients are being notified and whether they are notifying every patient going back to June, 2011, or only those where logs show their info was accessed.  They were also asked whether  HHS been notified of this breach and why it took Zocdoc  from June, 2015 until now to notify those affected.

Other than a cheery automated response, DataBreaches.net received no response by the time of this publication. This post will be updated if Zocdoc finds there’s “an opportunity to work together.” 🙂

No related posts.

Category: Business SectorExposureHealth DataOtherU.S.

Post navigation

← NC: Stolen Blue Ridge Surgery Center laptop was encrypted, but password was with it
UK: Cambridgeshire County Council’s data breach shockers – Big Brother Watch →

1 thought on “Patient appointment booking service notifying patients of potential breach”

  1. Jordana Ari says:
    May 17, 2016 at 7:55 pm

    Sounds more like stone cold silent response .i could be wrong but it doesn’t sound like any response is coming. .at least anytime soon l

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Armenian National Extradited to the United States Faces Federal Charges for Ransomware Extortion Conspiracy
  • 70% of healthcare cyberattacks result in delayed patient care, report finds
  • Police disrupt “Diskstation” ransomware gang attacking NAS devices
  • Meta fixes bug that could leak users’ AI prompts and generated content
  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
  • Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier
  • Computer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach
  • Ministry of Defence data breach timeline
  • Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents
  • Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act​
  • Fourth Circuit upholds West Virginia ban on abortion pills
  • Meta fixes bug that could leak users’ AI prompts and generated content
  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)
  • A Balancing Act: Privacy Issues And Responding to A Federal Subpoena Investigating Transgender Care

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.