Pharma company Pfizer leaked the medical data of 100’s of prescription-drug users in the USA for past many months or even years.
Pharma company Pfizer leaked the medical data of 100’s of prescription-drug users in the USA for the past many months or even years.
Pfizer is an American multinational pharmaceutical corporation. The company produces medicines and vaccines for a wide range of medical disciplines, including immunology, endocrinology, oncology, cardiology, and neurology.
“Initially, we suspected the misconfigured bucket to be related to just one of the medication brands exposed,” researchers explained. “However, upon further investigation, we found files and entries connected to various brands owned by Pfizer. Eventually, our team concluded the bucket most likely belonged to the company’s U.S. Drug Safety Unit (DSU).”
The exposed data revealed conversations between Pfizer’s automated customer support software and people using its prescription pharmaceutical drugs, including Lyrica, smoking-cessation aid Chantix, Viagra and cancer treatments Ibrance, Depo-Medrol and Aromasin.
According to vpnMentor’s cybersecurity research team, the exposed data includes phone-call transcripts and personally-identifiable information (PII). The PII contains full names, email addresses, home addresses, contact numbers and partial details of health and medical status.
Initially, researchers suspected the misconfigured bucket related to just one of the medication brands exposed. On further investigation, it was found files and entries connected to various brands owned by Pzifer revealed.
“The folder containing the transcripts was named ‘escalations,’ suggesting they were part of an automated internal process managing customer queries and complaints,” according to a vpnMentor blog post on Tuesday. “We also reviewed transcripts in which the conversation was ‘escalated’ to human customer support agents. It appeared these agents were registered nurses representing Pfizer in matters relating to its pharmaceutical brands.”
According to researchers, the bucket has been open to the internet since July. Some of the information dating back to October was exposed. The bucket was finally made private on September 23, after several attempts to contact the company.
“It took two months, but eventually, we received a reply from the company,” according to vpnMentor. “When they finally replied, all we received was the following statement: ‘From the URL you gave, I failed to see how it is important Pfizer data (or even any important data at all).’ This was a surprising response from one of the biggest companies in the world.”
A company spokesperson said that “ Pfizer is aware that a small number of non-HIPAA data records on a vendor-operated system used for feedback on existing medicines were inadvertently publicly available.
We take privacy & product feedback extremely seriously. To that end, when we became aware of this event, we ensured the vendor corrected the issue & notifications compliant with applicable laws will be sent to individuals.”
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?