In a May data breach notification letter, Zocdoc began notifying patients that their data was exposed at medical or dental practices where they book appointments.
Five details:
- In August 2020, Zocdoc learned about the programming errors that gave former or current practice staff members access to the provider portal after their authorization was intended to be removed.
- Each practice or health system they are affiliated with has been notified of the errors and will conduct an internal review to assess the scope of the breach. These healthcare providers may send patients an additional data breach notification letter.
- There were 7,600 patients affected by the breach, Tech Crunch reported. Breached data includes a patient’s name, Social Security number and medical history. If someone helped a patient book an appointment or if there was an insurance holder other than the patient, that data may have been exposed as well.
- Zocdoc launched an investigation of its software and code. It repaired the programming errors, and the affected usernames no longer have access to the patient portal.
- Zocdoc is partnering with Experian to provide affected patients identity monitoring services for 12 months. Exposed patients have to enroll in the service by Sept. 30.
