An anonymous reader writes: It appears that most pharmacies in the US are interconnected, and a breach in one leads to access to the other ones. A security advisory released [Friday] shows how a vulnerability in an online pharmacy granted access to prescription history for any US person with just their name and date of birth.
From the description linked above: During the signup process, PillPack.com prompts users for their
identifying information. In the end of the signup rocess, the user is
shown a list of their existing prescriptions in all other pharmacies
in order to make the process of transferring them to PillPack.com easier.
... To replicate this issue, an attacker would be directed to the
PillPack.com website and choose the signup option. As long as the full
name and the date of birth entered during signup match the target, the
attacker will gain access to the target's full prescription history.