How Has ZocDoc Addressed the Problem?
Upon discovering the programming error, ZocDoc launched an investigation to determine how the error occurred, and how many patients were potentially affected as a result. ZocDoc has since fixed the coding error, and revoked portal access to the affected usernames.
Sandra Glading, ZocDoc spokesperson, stated that the bug was discovered in August 2020, but “due to the complexity of the code, it took a significant amount of investigation to determine which, if any, practices and users were affected and how.”
She added that ZocDoc has “detailed logs that can detect exploitation of any data, including any potential exploitation of this vulnerability.” After reviewing the logs, they “have no indication, at this time, that any personal information was misused in any way.”
Although ZocDoc has addressed the current programming errors, this is not the first time that something like this has occurred. In June 2015, ZocDoc reported a similar programming error that allowed improper patient data access. This indicates that this kind of breach can easily recur in the near future, so users must be vigilant in monitoring their accounts.
ZocDoc has also notified patients potentially affected by the incident via mail. It is offering these individuals complimentary identity monitoring services, and patients have until September 30, 2021 to enroll.