May 3, 2015 08:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QyVHGRgWcFM/hacking-the-us-prescription-system
Hacking the US Prescription System
An anonymous reader writes: It appears that most pharmacies in the US are interconnected, and a breach in one leads to access to the other ones. A security advisory released [Friday] shows how a vulnerability in an online pharmacy granted access to prescription history for any US person with just their name and date of birth.From the description linked above: During the signup process, PillPack.com prompts users for theiridentifying information. In the end of the signup rocess, the user isshown a list of their existing prescriptions in all other pharmaciesin order to make the process of transferring them to PillPack.com easier.... To replicate this issue, an attacker would be directed to thePillPack.com website and choose the signup option. As long as the fullname and the date of birth entered during signup match the target, theattacker will gain access to the target's full prescription history.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QyVHGRgWcFM/hacking-the-us-prescription-system
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot