25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Online Pharmacy Notifies 105,000 Patients About Cyberattack and Potential Theft of PHI

Posted By on Jan 14, 2022

The Auburndale, FL-based digital pharmacy and health app developer Ravkoo has started notifying 105,000 patients that some of their sensitive personal information has been exposed and potentially obtained by an unauthorized individual.

Ravkoo hosts its online prescription portal on Amazon Web Services (AWS). The portal was targeted in a cyberattack that was detected on September 27, 2021. Upon discovery of the security breach, steps were immediately taken to secure the portal and third-party cybersecurity experts were engaged to assist with the forensic investigation, mitigation, restoration, and remediation efforts.

The investigation confirmed sensitive patient data had been exposed and may have been compromised, including names, addresses, phone numbers, certain prescription information, and limited medical data. Ravkoo said the impacted portal did not contain any Social Security numbers, which are not maintained in the affected portal. The forensic investigation did not uncover any evidence that indicated information contained within the portal has been or will be misused.

Ravkoo has reported the cyberattack to the Federal Bureau of Investigation (FBI) and is assisting with the investigation. Ravkoo has also been working with forensics experts to review the security of its AWS environment. Steps are now being taken to improve security to prevent further data breaches in the future.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The data breach has been reported to the Department of Health and Human Services’ Office for Civil Rights as affecting up to 105,000 individuals. Affected individuals are being offered complimentary access to Kroll’s online credit monitoring service as a precaution, which includes access to resolution services in the event of identity theft.

Micah Lee at The Intercept said in a September 28, 2021 tweet that a hacker had claimed responsibility for the attack on Ravkoo and said the patient portal was “hilariously easy” to hack and involved the use of a hidden admin portal that any user could log in to and request patient data.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist