Zocdoc Data Breach: Patient Data Exposed Due to Programming Errors

Zocdoc Addresses Patient Data Access Bug
Zocdoc has announced the resolution of a security flaw. This bug permitted both current and former employees of medical and dental offices to view patient information due to inadequate account deactivation procedures.
Disclosure to California Attorney General
The New York-based company disclosed this issue in a notification to the California attorney general’s office. This disclosure was required because the incident impacted over 500 California residents.
Scope of the Security Incident
Zocdoc has confirmed that approximately 7,600 users nationwide were affected by this security incident.
How the Bug Functioned
Zocdoc provides usernames and passwords to medical and dental practices for staff access to appointments scheduled through its platform. However, “programming errors” within Zocdoc’s systems allowed some former or current staff members to retain access to the provider portal even after their credentials should have been removed or restricted.
Types of Patient Data Potentially Accessed
The company confirmed that patient data accessible through the portal included names, email addresses, phone numbers, and appointment details. Additionally, information shared with the practice, such as insurance details, Social Security numbers, and medical history, could have been compromised.
Data Not Affected
Zocdoc stated that sensitive payment card numbers, radiological reports, and complete medical records were not involved, as the company does not store this type of data.
Discovery and Investigation Timeline
According to Zocdoc spokesperson Sandra Glading, the bug was initially detected in August 2020. However, the complexity of the code necessitated a thorough investigation to determine the extent of the impact and identify affected practices and users.
The company stated it notified the California attorney general’s office “as soon as was practicable.”
Monitoring and Evidence of Misuse
Zocdoc maintains “detailed logs” to monitor data access and detect potential exploitation of vulnerabilities. A review of these logs and further investigation revealed no evidence of misuse of personal information at this time.
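A log review of the kind described above can be approached as a reconciliation of portal access events against account deactivation times. The following is an added example, not Zocdoc's code or log format; the account names, timestamps, log layout and function names are all constructed assumptions for illustration.

```python
from datetime import datetime

# Constructed directory: user -> deactivation time (None = still active).
DEACTIVATED_AT = {
    "alice": None,
    "bob": datetime(2020, 3, 1, 17, 0),
    "carol": datetime(2020, 6, 15, 9, 30),
}

# Constructed portal access log, one event per line:
# "<ISO timestamp> <user> <action> <patient id>"
ACCESS_LOG = """\
2020-02-27T09:14:02 bob VIEW_APPOINTMENT p-1001
2020-03-01T16:59:59 bob VIEW_APPOINTMENT p-1002
2020-03-04T08:02:11 bob VIEW_PATIENT p-1003
2020-05-20T11:45:00 alice VIEW_PATIENT p-1003
2020-06-15T09:30:00 carol VIEW_APPOINTMENT p-1004
2020-07-01T13:00:00 dave VIEW_PATIENT p-1005
malformed line
"""

def find_stale_access(log_text, deactivated_at):
    """Return (findings, unparsed). A finding is an access made at or after
    the account's deactivation time, or by an account that is absent from
    the directory (for example, one that was removed outright)."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        try:
            ts_raw, user, action, patient = line.split()
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        if user not in deactivated_at:
            reason = "unknown_account"
        elif deactivated_at[user] is not None and ts >= deactivated_at[user]:
            reason = "after_deactivation"
        else:
            continue  # active account, or access before deactivation
        findings.append({"time": ts, "user": user, "action": action,
                         "patient": patient, "reason": reason})
    return findings, unparsed

def affected_patients(findings):
    """Distinct patient ids touched by flagged events (notification scope)."""
    return sorted({f["patient"] for f in findings})

if __name__ == "__main__":
    flagged, skipped = find_stale_access(ACCESS_LOG, DEACTIVATED_AT)
    for f in flagged:
        print(f["time"].isoformat(), f["user"], f["reason"], f["patient"])
    print("patients in scope:", affected_patients(flagged), "unparsed:", skipped)
```

The check treats an access at the exact deactivation timestamp as stale, so boundary events are reviewed rather than silently passed.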
Zocdoc User Base
Approximately 6 million users use Zocdoc each month, according to the company.
Past Security Incident
This incident bears a striking resemblance to a previous security issue reported by Zocdoc in 2016. That earlier incident was also attributed to similar “programming errors” that enabled unauthorized access to patient data by medical provider staff.