Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking the US Prescription System

Posted by timothy on from the quite-a-dose-you're-taking dept.

An anonymous reader writes: It appears that most pharmacies in the US are interconnected, and a breach in one leads to access to the other ones. A security advisory released [Friday] shows how a vulnerability in an online pharmacy granted access to prescription history for any US person with just their name and date of birth. From the description linked above: During the signup process, PillPack.com prompts users for their identifying information. In the end of the signup rocess, the user is shown a list of their existing prescriptions in all other pharmacies in order to make the process of transferring them to PillPack.com easier. ... To replicate this issue, an attacker would be directed to the PillPack.com website and choose the signup option. As long as the full name and the date of birth entered during signup match the target, the attacker will gain access to the target's full prescription history.

1 of 78 comments (clear)

  1. Re:Assumptions by Anonymous Coward · · Score: 1, Insightful

    So HIPAA is basically bullshit then.