Data Breach

Sensitive PII and Health Information Stolen During Ravkoo Data Breach

Ravkoo, Inc. (Ravkoo) recently announced that personally identifiable information and protected health information more than 100,000 individuals were exposed in a data breach. Ravkoo is an online prescription filling service that describes itself as a digital pharmacy and software service provider with over 400 distribution centers. Ravkoo disclosed in January 2022 that highly sensitive personal and medical information belonging to its customers was accessed by unauthorized individuals in or before September 2021. The data breach occurred when hackers targeted Ravkoo’s prescription portal, which is hosted on Amazon Web Services (AWS).

The information accessed by the hackers in the data breach includes, but is not limited to, patients’ names, addresses, email addresses, phone numbers, and prescription information.

The exposure of personally identifiable information poses a significant risk of identity theft, such as criminals opening financial accounts, taking out loans, filing fraudulent tax returns, and obtaining government services in the victim’s name. According to a recent FTC survey, the total cost of identity theft is nearly $50 billion per year, with victims losing an average of nearly $5,000 from the misuse of their personal and financial information. The exposure of protected medical information, such as prescriptions, can pose an even greater danger of identity theft.

Due to the data breach, customers of Ravkoo have been exposed to a heightened risk of fraud and identity theft and must now closely monitor their financial accounts to guard against fraud. Ravkoo customers might also incur out-of-pocket costs for purchasing credit monitoring services, credit freezes, credit reports, or other protective measures to deter and defect identity theft.

If you ever used Ravkoo’s services or obtained a prescription through Ravkoo, and you received a letter from Ravkoo notifying you of the data breach, or you believe that your personal or medical information information was exposed in the data breach, you may consider contacting an attorney. Cafferty Clobes Meriwether & Sprengel has significant experience litigating data breach matters, and is here to help.


February 3, 2022