More than two million people across the United States will receive notice that their personal and sensitive health information was stolen earlier this year during a cyberattack at Postmeds, the parent company of online pharmacy startup Truepill.

Postmeds, through Truepill, has fulfilled prescriptions for customers of Folx, Hims, and GoodRx, and other popular online telehealth startups that have emerged in recent years.

Postmeds recently told federal regulators in a legally required notice that 2.3 million individuals had their personal information stolen in the breach.

“Like other healthcare companies, we send prescriptions to a wide range of pharmacies based on member choice, medication availability, cost, and other factors.

CostPlus, the lower-cost online pharmacy founded by Mark Cuban, which relies on Truepill for shipping medications to customers, did not respond to requests for comment.

As Consumer Reports notes, HIPAA “does lay out privacy rules for health care providers and insurance companies to follow when they handle personally identifiable medical data,” but the same piece of information protected at a doctor’s office “can be totally unregulated in other settings.”

Saved 88% of original text.