Doxy.me User Community

Why is this the first that I am learning of this data breach?
Which practices were involved?
Do I have to worry?
Any thoughts or comments from Doxy.me? I think this is a fair question.

Thank you for posting, @massenasober. Please see our official response below.

What happened: Doxy.me was notified that certain third-party URLs used on its main website were also enabled when a user enters a virtual waiting room. Data sent to those third-parties were basic browser details (version, operating system, etc.) and, in some cases, the public virtual waiting room URL (that is self-chosen by each provider during the Doxy.me account registration process). Such browser details are routinely collected by many websites and was being collected for a recent marketing campaign that has since ended. No patient data whatsoever was exposed as the article’s title erroneously stated.

The use of third-parties is allowed and described in our privacy policy (Privacy Policy - Doxy.me).

Actions taken: Doxy.me quickly removed all third-party URLs from the virtual waiting room and is in the process of removing all data collected from those third-parties.

Follow-up: As there is no need to continue sending browser information, we have removed the ability for these third-party websites to track the performance of our marketing campaigns.

What does this mean for patients and providers? No action is required. And to be clear: Doxy.me neither collects nor stores patient health information.

Doxy.me regrets having those third-party URLs in the virtual waiting room entry page.