Dedicated to providing the latest
HIPAA compliance news

Medicap Pharmacy Warns Des Moines Customers of Potential Data Breach

Share this article on:

The Medicap Pharmacy, a franchise of pharmacy stores operating in 28 U.S. states, has announced a data breach that impacts customers who visited one of its pharmacies in Des Moines.

Customers who filled prescriptions between June 2014., and November 3, 2015., at the Medicap Pharmacy located at 2804 Beaver Ave, Des Moines, Iowa, may have had some of their protected health information exposed.

Affected individuals are being notified by mail of the data breach, which exposed customer names, home addresses, contact telephone numbers, dates of birth, Social Security numbers, insurance information, prescribed medications, cost of those medications, and prescriber information.

The data were stored on a portable external hard drive which was accidentally disposed of on November, 5, 2015. While it was known that the hard drive contained sensitive information of some of its customers, the pharmacy initially thought that those data had been encrypted. While that appears to have been the case for some customers, not all data stored on the drive were protected with encryption. Medicap Pharmacy discovered that to be the case on December 3, 2015.

Since the data that were exposed could potentially be used for nefarious purposes, Medicap will be offering affected customers a year of identity theft protection services through Kroll without charge. These services are being offered out of an abundance of caution. The pharmacy does not believe any data have been obtained by criminals or viewed by any unauthorized individuals; however, the portable hard drive has not been recovered. All affected customers should therefore exercise caution and obtain credit reports from the three main credit monitoring agencies. Since insurance information has been exposed, affected customers should also check Explanation of Benefits (EoB) statements from their health insurers.

Medicap Pharmacy has advised customers to report any instances of suspected identity theft to their local law enforcement department, and file a report with the state attorney general.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On