A Winnipeg-based online pharmacy is still offline after telling customers their information, including medications and medical history, may have been compromised in a security incident.
As of Friday morning, PlanetDrugsDirect.com has been unreachable for over 36 hours; it went offline shortly after Bleeping Computer broke the news that an unknown number of people were being notified. The company says it has 400,000 customers.
The site’s home page displays an error message as well as the statement, “This website is using a security service to protect itself from online attacks.”
Earlier in the week, the site offered a 1-888 number for customers to call for information. This morning, when the number was dialled from Toronto, a recorded message said it was not available from that calling area.
The notice to customers says what may have been exposed is the person’s “name, mailing address, e-mail address, telephone number(s), occupation, employment status, referral source, the name of your primary physician (and his or her contact information), age, height, weight, sex, date of birth, the existence and types of drug allergies, medications requested, family medical history information, your personal medical history information, details of your existing medications, credit card information (including card type and number, expiry date and name of cardholder) and prescription information.”
Customers are being asked to monitor their bank and credit card accounts for suspicious activity.
The company says people can “buy cheap prescription medications safely online by a Canadian prescription referral service and have your order filled by a licensed international pharmacy.”
Created in 2001, PlanetDrugsDirect.com is one of a large number of websites offering medicinal drugs around the world, particularly to the U.S., because prices are lower here.
In a 2014 press release the site called itself “a trusted online pharmacy offering service from Canada that provides 100 per cent safe prescription and non-prescription drugs at affordable prices with maximum protection and privacy of its customers. Hundreds of compliments are received every month from the existing happy customers along with increasing likes and shares on social media sites such as Facebook, Google+ and Twitter.”
The company also regularly mentions that it is a member of the Canadian International Pharmacy Association (CIPA), an industry association of licensed pharmacies.
“The most worrisome part of this breach is that hackers had access to patient contact information, medications taken, and payment information,” said Robert Capps, vice-president of market innovation for Vancouver-based NuData Security, a Mastercard company. “All this data could provide cybercriminals with enough information to craft fake email messages reminding them of a refill, for example, to trick victims into ordering prescription refills from untrusted sources – or fake ones. Consumers should be wary of any emails that appear to come from a pharmacy and should avoid clicking links in such emails. We advise that consumers access their prescription drug reordering via the official website of their provider.
“Healthcare information has become increasingly valuable to cybercriminals, and there is a real risk that this and other stolen data could be used by an attacker to access a consumer’s healthcare organization. Healthcare organizations need to mitigate the damages of such breaches by verifying users by their online behaviour instead of the credentials that have been stolen by cybercriminals.”