Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom

This startup brings dealers together to bid on your used car

Claude Cowork expands to mobile and web

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    Claude Cowork expands to mobile and web

    7 July 2026

    The ‘first’ ransomware attack run by AI still needed a human

    7 July 2026

    If you use Google, you train its AI. See how you can opt out.

    6 July 2026

    Amazon will stop accepting new customers for Mechanical Turk

    6 July 2026

    Yes, we use OpenClaw to this day

    5 July 2026
  • Apps

    X adds a video editor to encourage creators to post original content, not stolen reposts

    7 July 2026

    You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

    7 July 2026

    Apple is bringing back card payments for Apple Account purchases in India after a four-year hiatus

    6 July 2026

    WhatsApp now allows you to reserve usernames

    5 July 2026

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026

    Smart glasses maker Even Realities hits $1 billion valuation with $150 million in funding led by Meituan, Tencent

    6 July 2026

    5 office gadgets that can make your work day better

    6 July 2026

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026
  • Media & Entertainment

    Netflix invented binge watching. Now he may be over it.

    7 July 2026

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026
  • Security

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026
  • Startups

    Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom

    7 July 2026

    Station F emerges as a launch pad for Europe’s hottest AI startups

    6 July 2026

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026
  • Transportation

    This startup brings dealers together to bid on your used car

    7 July 2026

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026
  • Venture

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Healthcare startups scramble to assess fallout after Postmeds data breach affected millions of patients
Security

Healthcare startups scramble to assess fallout after Postmeds data breach affected millions of patients

techtost.comBy techtost.com19 November 202308 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Healthcare Startups Scramble To Assess Fallout After Postmeds Data Breach
Share
Facebook Twitter LinkedIn Pinterest Email

More than two million people across the United States will receive notification that their personal and sensitive health information was stolen earlier this year during a cyberattack on Postmeds, the parent company of online pharmacy startup Truepill.

For some of those affected, this is the first they’ve heard of Postmeds, let alone that the company lost their sensitive personal and health information in the data breach.

News of the data breach also appeared to identify unknown healthcare startups that previously relied on Postmeds to fill their customers’ prescriptions.

Postmeds, or Truepill, is an online pharmacy fulfillment startup that fills prescriptions for branded telehealth services and other pharmacies and mails medications to their customers. Postmeds, through Truepill, has filled prescriptions for customers of Folx, Hims and GoodRx, and other popular online telehealth startups that have emerged in recent years.

Even if you’ve never heard of Postmeds, the company may have filled one of your prescriptions and handled your information. Truepill’s website says it has dispensed 20 million prescriptions to three million people since it was founded in 2016.

Postmeds recently told federal regulators in a legally required notice that 2.3 million people had their personal information stolen in the breach. The company began sending written notifications to affected individuals in early November.

Data breach ‘presents huge risk’

Inside data breach notificationPostmeds said the hackers stole a trove of sensitive data, including patient names and demographic information — such as dates of birth — the type of drugs prescribed and the name of the prescriber. In some cases, this information can infer the reason for taking the drug, which may include highly sensitive medical information about a person, such as details about their mental, sexual and reproductive health.

Some of those who received data breach notification letters told TechCrunch they were unfamiliar with Postmeds and why the company had their information.

“My partner and I also had overlapping periods where we were both Folx patients, but I never received a letter,” a former Folx customer whose partner received a data breach notification told TechCrunch.

Folx Health is a telehealth company serving the LGBTQIA+ community, with clinicians who can prescribe medications that support gender-affirming care. Folx said it previously used Truepill to fill customer prescriptions.

When reached by TechCrunch for comment, Folx COO Dana Clayton told TechCrunch: “Folx terminated its relationship with Truepill in November 2022. We are in contact with Truepill regarding the incident and are working to quickly assess any potential impact on our members. “

“Once I received my first package and saw ‘Truepill’ on the box from Folx, I realized, admittedly slowly on my part, that my data had been sent to an organization I personally had no trust with.” Former customer of Folx

“Like other healthcare companies, we send prescriptions to a wide range of pharmacies based on member choice, drug availability, cost and other factors. Folx takes the privacy of its members seriously and holds its partners to the highest security standards,” said Clayton. “The Truepill data breach has caused us great disappointment and concern, and Folx is committed to keeping our members informed as we learn more.”

Folx’s former client, who works in cybersecurity, told TechCrunch that the data breach “presents a huge risk, especially for a community that stands to lose a lot more with that data breach.”

Postmeds has not commented publicly beyond its data breach notification. TechCrunch asked Postmeds CEO Paul Greenall in an email to provide a list of companies Postmeds has worked with whose customers are affected. Grinal did not answer.

Another person who received a data breach notification letter said he was prescribed a continuous glucose monitor a year ago by startup Levels Health, which relies on Truepill to fill its customers’ prescriptions for blood glucose monitors.

When contacted by TechCrunch, Levels would not say whether its customers in the United States are affected by the Postmeds breach.

Kate Burton-Barlow, who represents Levels through a third-party agency, said in an email that Levels had “previously established a relationship with Truepill in the UK in anticipation of a future UK launch, but that launch has not taken place, therefore Levels does not have any customers in the UK that this could affect.’

TechCrunch reached out to several healthcare companies that relied on Truepill to distribute and ship medications.

When asked for comment by TechCrunch, Hims Khobi Brooklyn spokesperson did not dispute that customer data was affected by the breach involving Truepill. The spokesman did not say how many Hims customers were affected, but noted that not all Hims customers had their prescriptions paid by Truepill.

“Customer care and data security are top priorities at Hims & Hers, we’ve invested heavily in both and are proud of our track record. While this was not a breach of our systems or data, it is a reminder to remain vigilant about the steps we take to protect our customers,” Brooklyn said in a statement.

The startup Telehealth Cerebral, which provides telehealth services and prescription drugs for mental health conditions, told TechCrunch that it has not had a business relationship or shared patient information with Truepill since 2022. “To date, we have not seen any notices of a breach and they have no reason to believe that any brain patient [protected health information] has been impermissibly disclosed or accessed,” Cerebral spokeswoman Brittney Henderson said in an email. (Cerebral disclosed separately earlier this year that it had shared millions of patient data with advertisers over several years.)

Several other pharmacies that partnered with Truepill did not comment when contacted by TechCrunch ahead of publication.

CostPlus, the lowest-cost online pharmacy founded by Mark Cuban that relies on Truepill to ship drugs to customers, did not respond to requests for comment. Cuban invested an undisclosed amount in Truepill earlier in 2023.

The health coupon and prescription giant GoodRx relies on Truepill as a mail delivery partner. GoodRx spokeswoman Lauren Casparis did not respond to requests for comment.

Nutrisense, a tech startup that provides prescription continuous glucose monitors, is using Truepill to fulfill some orders, TechCrunch has learned. Nutrisense CEO Alex Skryl did not respond to an email seeking comment.

The HIPAA connection

It is not uncommon for technology or healthcare companies to share patient data with other companies, such as third parties or specialty pharmacies, to fulfill their services.

US health care providers, such as doctors’ offices and pharmacies, and insurance companies are subject to the privacy and health security rules set forth in the Health Insurance Portability and Accountability Act, or HIPAA, which in part governs how providers healthcare must properly manage patient data security and confidentiality. Falling HIPAA wrong can result in hefty fines.

However, many telehealth startups are not considered “covered entities” under HIPAA, and HIPAA often does not apply because the startups themselves do not provide care, but connect patients with healthcare providers.

As Consumer Reports notesHIPAA “sets out privacy rules that health care providers and insurance companies must follow when handling personally identifiable medical data,” but the same information that is protected in a doctor’s office “may be completely unchecked in other settings.”

Both Hims and Cerebral note in their privacy policies that while state privacy laws may apply, HIPAA “does not necessarily apply to an entity or person simply because health information is involved.” Companies that say they are “HIPAA Compliant” may mean that HIPAA does not apply to them.

The US has no national data security or privacy laws and instead relies on a patchwork of state laws that vary from state to state. Most Americans live in states that have little or no protection against the sharing of an individual’s information.

Instead, companies typically specify how they handle customer or patient data in their privacy policy, but are not required to disclose which specific companies they work with.

The two people who received data breach notification letters from Postmeds and spoke to us for this story criticized the companies that issued their prescriptions for a lack of transparency about who their business partners are and which of those partners would receive their sensitive personal information.

“Once I received my first package and saw ‘Truepill’ on the box from Folx, I realized, admittedly belatedly on my part, that my data had been sent to an organization I personally had no trust with.” former Folx user told TechCrunch.

Several threads on Reddit have comments from people who received data breach notifications from Postmeds but are unsure which company provided Postmeds with their information.

“I just got this letter and I have no idea which doctor it’s going through,” one person said. “He also received this letter. No knowledge of the company,” said another.

The breach is the latest to hit embattled Truepill.

Truepill underwent several rounds of redundancies in 2022, including large parts of its product team and all of its UK employees. In September, it was Truepill co-founder Sid Viswanathan pushed back by the company.

Earlier this month, Truepill settled with the US Drug Enforcement Administration alleging that illegally distributed thousands of prescriptions for controlled substancesin which Truepill “accepted responsibility for operating an unregistered online pharmacy”.


Do you work at a healthcare organization affected by the Postmeds/Truepill breach? Zack Whittaker can be reached on Signal and WhatsApp at +1 646-755-8849 or via email. you can also contact Carly Page securely on Signal on +441536 853968 or by email. You can also contact TechCrunch via SecureDrop.

affected assess breach cyber security data data breach electronic attack fallout Health Care Healthcare millions online pharmacy patients Postmeds scramble security startups Truepill
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleTikTok’s latest feature lets you save favorite songs directly to Spotify, Apple Music, and Amazon Music
Next Article Cybersecurity investor Ballistic Ventures seeks $300 million in new capital
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

6 July 2026

Station F emerges as a launch pad for Europe’s hottest AI startups

6 July 2026

Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

3 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom

7 July 2026

This startup brings dealers together to bid on your used car

7 July 2026

Claude Cowork expands to mobile and web

7 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom

Station F emerges as a launch pad for Europe’s hottest AI startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.