PillPack said an internal investigation found email addresses and passwords weren’t taken, and it’s likely the unauthorized user was able to access accounts because customers used the same log-in information for another website.
“There is no evidence that the information viewed has been used in any way, and there has been no unusual activity on the impacted accounts. The limited information that was revealed is not enough to steal someone’s identity,” a PillPack spokesperson wrote in a statement to Healthcare Dive. “This event was limited to PillPack, and we both notified the impacted customers directly and posted the notification to our website.”
Amazon acquired PillPack in 2018 in one of the retail and technology giant’s first moves into healthcare. The ecommerce giant launched its Amazon Pharmacy offering two years later, and recently added a generic drug subscription service and a feature that automatically applies manufacturer-sponsored coupons to eligible orders.
Another deal that cemented Amazon’s ambitions in healthcare — its $3.9 billion acquisition of primary care provider One Medical — closed earlier this year. Though some consumer protection groups raised concerns about the purchase, including questions about data privacy, the Federal Trade Commission missed a deadline to sue and block the acquisition.