Zocdoc says ‘programming errors’ exposed access to patients’ data

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

Zocdoc says it has fixed a bug that allowed current and former staff at doctor’s offices and dental practices to access patient data because their user accounts weren’t properly decommissioned.

The New York-based company revealed the issue in a letter to the California attorney general’s office, which requires companies with more than 500 residents of the state affected by a security lapse or breach to disclose the incident.

Zocdoc, which lets prospective patients book appointments with doctors and dentists, said that it gives each medical or dental practice usernames and passwords for its staff to access appointments made through Zocdoc, but that “programming errors” — essentially a software bug in Zocdoc’s own systems — “allowed some past or current practice staff members to access the provider portal after their usernames and passwords were intended to be removed, deleted or otherwise limited.”

The letter confirmed that patient data stored in Zocdoc’s portal could have been accessed, including a patient’s name, email address, phone number, and the times and dates of their appointments, but also other data that may have been shared with the practice — such as insurance details, Social Security numbers and details of the patient’s medical history.

But Zocdoc said payment card numbers, radiological or diagnostic reports, and medical records were not taken, since it does not store this data.

In an email, Zocdoc spokesperson Sandra Glading said that the company discovered the bug in August 2020, but “due to the complexity of the code, it took a significant amount of investigation to determine which, if any, practices and users were affected and how.” The company said it provided notice to the California’s attorney general’s office “as soon as was practicable.”

Zocdoc said it has “detailed logs that can detect exploitation of any data, including any potential exploitation of this vulnerability,” and that after a review of those logs and other investigative work, “we have no indication, at this time, that any personal information was misused in any way.”

Around 6 million users access Zocdoc a month, the company said.

If this incident sounds vaguely familiar, it’s because this was a near-identical security issue to one Zocdoc reported in 2016. A letter filed at the time cited similar “programming errors” that allowed staff at medical providers to improperly access patient data.

More To Explore

Norton’s Game Optimiser can improve your computer’s performance by 30 per cent

When you’re an online gamer, you are always trying to find the edge on your opponents and the new Norton Game Optimiser has been found to improve your computer’s performance by up to a massive 30 per cent. Independent testing conducted by Passmark Software compared the Norton Game Optimiser against similar competitor products and found […]

The post Norton’s Game Optimiser can improve your computer’s performance by 30 per cent appeared first on Tech Guide.

Indian online insurer PolicyBazaar files for IPO, seeks to raise over $800 million

Indian online insurance aggregator PolicyBazaar has filed for an initial public offering in which it is seeking to raise $809 million, becoming the fourth startup in the past two months from the South Asian market to explore public markets. In papers submitted to the market regulator in India, PolicyBazaar said it is looking to raise […]

Ready to take the plunge into the online world?

drop us a line and keep in touch

× How can I help you?