New York-based Zocdoc, an appointment-booking portal, last week submitted a notice informing the California Office of the Attorney General of a programming error that had allowed unauthorized access to its patient data.
The company was required to disclose security lapses per California law. The bug, discovered in August, allowed health provider clients, whose usernames and passwords were intended to be removed, continued access to Zocdoc's portal.
Data that could have been accessed included patient names, email addresses, phone numbers, appointment histories, social security numbers, insurance member ID numbers and medical histories. Roughly 7,600 users' data was affected.