DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Amarin Pharma notifies patients of data leak discovered by vpnMentor

Posted on August 6, 2019 by Dissent

On June 20, vpnMentor reported on a leak they discovered involving data from patients interested in Vascepa.

Reading their report, it seemed that they could see that Vascepa figured prominently in the data but they do not mention whether they ever contacted Vascepa’s manufacturer, Amarin Pharma — or if not, why not.

On August 5, Amarin Pharma, Inc. notified California about a leak involving an unnamed vendor.  Amarin’s notification explains that:

The vendor is an independent company that supports Amarin’s copay assistance programs by providing customer relationship management services relating to Vascepa®. Amarin’s systems were not affected by this incident.

Amarin’s letter also makes clear that they first learned of the leak from media reports (but not from direct contact from vpnMentor):

On or around June 20, 2019, we became aware of media reports suggesting that a database containing information about consumers who use or have expressed interest in Vascepa® may have been subject to unauthorized access. Amarin promptly began investigating these reports and determined that the database in question was maintained by the vendor. Amarin promptly took steps to suspend active data feeds to the vendor’s database, and the vendor informed us that the database was taken offline on June 20, 2019.

Although Amarin’s notification does not indicate the number affected, it does report the window of possible access:

On July 11, 2019, the vendor informed us that due to a database misconfiguration, information could have been accessed without proper authorization between May 2, 2018, and June 20, 2019. The vendor further informed us that it identified evidence of unauthorized access to and acquisition of information from the database during the period May 29, 2019 to June 20, 2019, and that it could not conclusively determine that no unauthorized access or acquisition occurred outside this timeframe.

You can read Amarin Pharma’s full notification on the California Attorney General’s site.

DataBreaches.net reached out to Amarin Pharma with questions as to whether the vendor was actually a business associate under HIPAA and whether Amarin would be reporting the incident to HHS/OCR, but has received no response to two emails sent to their corporate PR email address. The inquiries also included asking them to confirm or deny that ConnectiveRx was the vendor involved (ConnectiveRx had denied vpnMentor’s published statements that they had thought ConnectiveRx might be the responsible vendor).

This post will be updated if or when a response from Amarin Pharma is received.

Category: Breach IncidentsCommentaries and AnalysesHealth DataSubcontractorU.S.

Post navigation

← People: Do NOT Call This Site About the AMCA Breach
With warshipping, hackers ship their exploits directly to their target’s mail room →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.