Winnipeg-based online pharmacy warns of data breach

A Winnipeg-based online pharmacy is still offline after telling customers their information including medications and medical history may have been compromised in a security incident.

As of Friday morning PlanetDrugsDirect.com hasn’t been reachable for over 36 hours, shortly after Bleeping Computer broke the news that an unknown number of people were being notified. The company says it has 400,000 customers.

The site’s home page displays an error message as well as the statement, “This website is using a security service to protect itself from online attacks.”

Earlier in the week, the site offered a 1-888 number for customers to call for information. This morning when the number was dialled from Toronto a recorded message said it was not available from that calling area.

The notice to customers says what may have been exposed is the person’s “name, mailing address, e-mail address, telephone number(s), occupation, employment status, referral source, the name of your primary physician (and his or her contact information), age, height, weight, sex, date of birth, the existence and types of drug allergies, medications requested, family medical history information, your personal medical history information, details of your existing medications, credit card information (including card type and number, expiry date and name of cardholder) and prescription information.”

Customers are being asked to monitor their bank and credit card accounts for suspicious activity.

The company says people can “buy cheap prescription medications safely online by a Canadian prescription referral service and have your order filled by a licensed international pharmacy.”

Created in 2001, PlanetDrugsDirect.com is one of a wide number of websites offering medicinal drugs around the world, particularly to the U.S., because prices are lower here.

In a 2014 press release the site called itself “a trusted online pharmacy offering service from Canada that provides 100 per cent safe prescription and non-prescription drugs at affordable prices with maximum protection and privacy of its customers. Hundreds of compliments are received every month from the existing happy customers along with increasing likes and shares on social media sites such as Facebook, Google+ and Twitter.”

The company also regularly mentions that it is a member of the Canadian International Pharmacy Association (CIPA), an industry association of licenced pharmacies.

“The most worrisome part of this breach is that hackers had access to patient contact information, medications taken, and payment information,” said Robert Capps, vice-president of market innovation for Vancouver-based NuData Security, a Mastercard company. “All this data could provide cybercriminals with enough information to craft fake email messages reminding them of a refill, for example, to trick victims into ordering prescription refills from untrusted sources – of fake ones.  Consumers should be wary of any emails that appear to come from a pharmacy and should avoid clicking links in such emails. We advise that consumers access their prescription drug reordering via the official website of their provider.

“Healthcare information has become increasingly valuable to cybercriminals, and there is a real risk that this and other stolen data could be used by an attacker to access a consumer’s healthcare organization. Healthcare organizations need to mitigate the damages of such breaches by verifying users by their online behaviour instead of the credentials that have been stolen by cybercriminals.”

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now