vpnMentor’s research team has discovered a leak in a database regarding the prescription medication Vascepa.

The drug is used by more than 78,000 patients.

The data includes full identifying information for the 78,000+ patients who take the medication.

Report: Thousands of Pharmaceutical Records Leaked in Possible HIPAA Violation

A second database with transaction information was also available.

The patient data includes patients' names, addresses, phone numbers, and email addresses.

Several days after discovering the data, we came to believe the database could belong to ConnectiveRx.

We then contacted them to alert them to the leak.

On June 18, we received a Twitter message from David Yakimischak, the CTO of ConnectiveRx.

We don't use that database management system at all for any of our programs."

Examples of Entries in the Database

Vascepa is a prescription medication manufactured by Amarin.

The drug, intended to help lower high triglycerides, is taken by more than 78,000 patients.

Based on the database breach we found, we know there have been 390,000+ transactions of Vascepa.

The medication is unique in that it lowers triglycerides without raising a patient’s LDL, or bad cholesterol.

With their name and address, it’s easy to find a large amount of information about them.

We suspect the database may belong to ConnectiveRx, given the consistency of the tags in the data.

However, we only found data concerning Vascepa prescriptions, which makes it less clear where the leak originated.

Having access to a full list of cell phone numbers and email addresses is an invitation for attack.

This second example comes from a second database.

We have 391,649 purchase transactions for Vascepa.

Additionally, we have the full information for the prescriber.

Medical records are protected from public access to ensure the patient’s privacy and security.

There can be many severe consequences if medical history is shared without a person’s consent.

They can face discrimination from a job or find themselves in the middle of a family conflict.

Many people might find their medical histories embarrassing.

In some cases, medical history is used as blackmail.

Keeping health data protected can keep patients safer in the long run.

As we can see in Vascepa’s case, there was no level of encryption protecting this sensitive information.

HIPAA offers companies that work with virtual medical data a checklist for security compliance.

These outcomes are a direct result of HIPAA enforcement.

Ran and Noam scan ports looking for known IP blocks.

Once they’ve discovered these blocks, they can use them to look for holes in a website’s system.

When they find leaked data, they use several expert techniques to verify the database’s identity.

We then alert the company to the breach.

If possible, we will also alert those affected by the breach.

The purpose of the project is to help make the internet safer for all users.

About Us and Previous Reports

vpnMentor is the world's largest VPN review website.

We recently discovered a huge data breach impacting 80 million US households.

Please share this report on Facebook or tweet it.
