Doxy.me, a telehealth provider, experienced an issue on its platform in which it accidentally shared patients provider information, further accentuating the permanence of cybersecurity growing pains.
Telehealth platform Doxy.me is fixing an issue that allowed three third-party firms to access the names of some patients’ providers, the company told CyberScoop after it notified the company of the problem.
The company, which self-reports as holding 30% of the growing U.S. telemedicine market and is currently used by over 1 million providers worldwide, appeared to also be sharing IP addresses and unique device identification numbers with Google, Facebook and the marketing software company HubSpot, privacy researcher Zach Edwards found after examining the platform.
The sensitive user data was accessible when patients clicked on a link to the platform’s “virtual waiting room” service, which connects patients with medical professionals. Providers can choose the name of their waiting room, which is often their name or the name of their medical practice. (In a sample observed by CyberScoop, the URL included the name of a provider.)
Read the full story on Cyberscoop.