Whittaker also notes that Zocdoc reported a similar incident in 2016. Zocdoc noted that it launched an internal investigation to repair the errors and that it is offering a year of identity theft protection through Experian IdentityWorks for affected patients.Īccording to TechCrunch's Zach Whittaker, about 7,600 users across the United States were affected. "These were not vulnerabilities exploitable by any third parties rather, this incident is specific to the access rights of our provider client accounts," said Zocdoc representatives.
The information would not have included credit card numbers, debit card or PINs, bank account information, radiological or diagnostic reports or any medical records. The company noted that the practices have their own obligations to maintain patient security and confidentiality.Īny personal information would include name, email address, phone number and appointment history, as well as insurance member ID, social security number and any relevant medical history provided to the practice via Zocdoc. "Beginning in August 2020, we learned of programming errors that allowed some past or current practice staff members to access the Provider Portal after their usernames and passwords were intended to be removed, deleted or otherwise limited," read the letter. There, providers can view appointments and other information furnished by patients when booking. "Out of an abundance of caution, and out of respect for and our continued commitment to compliance with all regulatory requirements, we are notifying affected individuals and practices of this issue," they added.Īs Zocdoc explained in its letter, each practice registered with Zocdoc receives usernames that allow staff members to access its Provider Portal. "Based on our investigation, we do not believe that any misuse or unauthorized access to unsecured personal information has occurred, or that any Zocdoc systems were compromised," said Zocdoc representatives in an email to Healthcare IT News after publication.
The medical scheduling site Zocdoc published a letter this week describing a programming error that allowed patient information to be exposed to providers in an unauthorized manner.Īs Zocdoc explained, the bugs allowed practice staff members to access the vendor's system after their login information was intended to be limited.
0 kommentar(er)
