GoodRx Under Fire: Company Fails to Report Data Breach and Faces Consequences
By: Mack Jackson Jr
GoodRx, a popular company that helps people save money on prescriptions, was recently fined $1.5 million by the Federal Trade Commission (FTC) for not reporting a healthcare data breach promptly and adequately. Thousands of GoodRx users had their personal and health information made public because of the breach. This violation shows how important it is to keep sensitive healthcare data safe and secure.
What is GoodRx and How Does it Work?
GoodRx is a leading company that helps people get lower prices on prescription drugs at more than 70,000 pharmacies across the country. The company operates by partnering with pharmacies to offer discounts on prescription medications, and users can find the best prices for their prescriptions by using GoodRx’s website or mobile app. GoodRx is free to use and does not require any insurance or membership to access its discounts.
What Happened in the GoodRx Data Breach?
In 2019, GoodRx had a data breach that put thousands of users’ personal and health information at risk. The breach occurred due to a misconfigured server, which allowed unauthorized access to the sensitive information of GoodRx users. The data breach included information such as names, addresses, birthdates, and prescription information, among other details.
Why Did the FTC Impose a Penalty on GoodRx?
The FTC fined GoodRx $1.5 million because it didn’t report the data breach quickly or correctly. The FTC requires companies to report data breaches as soon as they find out about them so that people can take steps to protect their private information. GoodRx told the FTC about the breach several months after it happened, which is against FTC rules.
The Importance of Protecting Healthcare Data
The GoodRx data breach shows how important it is to keep sensitive health information safe since it can seriously affect people if it gets into the wrong hands. People’s personal and health information is some of the most sensitive information they can have, and companies must take steps to protect it and report any breaches quickly.
Best Practices for Protecting Healthcare Data
To protect sensitive healthcare data, companies must follow best practices and comply with the laws and rules that apply. Some of the best practices for protecting healthcare data include:
Regularly reviewing and updating security measures, including firewalls and access controls
Encrypting sensitive data and using secure protocols for transmitting information
Providing employee training and education on data protection and security
Implementing strict data access policies to limit who can access sensitive information
Regularly monitoring for suspicious activity and reporting any potential breaches as soon as they are discovered
The FTC’s $1.5 million penalty on GoodRx for its failure to report a healthcare data breach is a reminder of how important it is to protect sensitive healthcare data, and of the consequences companies can face if they do not take the necessary steps to protect it. By following best practices and complying with the rules and laws that apply, companies can protect sensitive healthcare data and mitigate damages from a data breach.
About the Author
Mack Jackson Jr. is the CEO of Vanderson Cyber Group. In the age of global cyber threats, Vanderson Cyber Group helps businesses protect themselves from cyberattacks by teaching them cybersecurity awareness. Vanderson Cyber Group uses state-of-the-art practices in security policy development and comprehensive employee training. One of its essential services is phishing simulation and compliance training, which keeps employees up to date on the threat landscape. Vanderson Cyber Group also provides resources for cyber insurance, managed services, and legal representation. For more information: http://www.vandersoncybergroup.com