Call-On-Doc allegedly had a breach affecting more than 1 million patients. They've yet to comment. - DataBreaches.Net
Briefly

"Telehealth provider Call-On-Doc, Inc., dba Call-On-Doc.com, advertises that it has 2 million active patients and treats 150+ medical conditions. It claims to be the most highly rated telehealth service, and it assures patients of 'state-of-the-art' data security for their information. But if a post on a hacking forum is accurate, Call-On-Doc recently had a breach that may have affected more than one million patients."
"Three screenshots with rows of dozens of patients' information were included in the listing. An additional .txt file with information on 1,000 patients was also included. Inspection of the screenshots immediately raised concerns about the sensitive information they revealed. Although some appointments were visits for conditions such as strep infections or other medical conditions, a number of patient records were for the 'STD' category (sexually transmitted disease), with the specific type of STD listed in the 'Condition' field."
"Call-On-Doc does not accept insurance. It is a self-pay model, and no health insurance information or Social Security Numbers were included in the data. Because it is self-pay, DataBreaches is unsure whether Call-On-Doc is a HIPAA-regulated entity. If it uses electronic transmission for other covered transactions, it might be. But even if it is not a HIPAA-regulated entity, it would still be regulated by state laws and the Federal Trade Commission (FTC)."
Call-On-Doc advertises 2 million active patients and treatment of 150+ medical conditions, and claims a highly rated service and state-of-the-art data security. A sales listing on a hacking forum claims a December breach in which 1,144,223 patient records were exfiltrated; the listing included screenshots and a .txt file with information on 1,000 patients. The exposed records reportedly contain visit details and, in the Condition field, specific STD types, raising privacy concerns. Call-On-Doc operates as a self-pay service and does not accept insurance, and no health insurance information or Social Security numbers were included in the data. Even if it is not HIPAA-regulated, Call-On-Doc remains subject to state laws and to FTC enforcement against deceptive or unfair data-security practices.
Read at DataBreaches.Net