Cybercriminals Hit Washington Laboratory and New York Pharmacies
Hacking-related data breaches have been reported by Meridian Valley Laboratories in Washington, and College Parkside Pharmacy and College Hometown Pharmacy in New York state.
College Parkside Pharmacy & College Hometown Pharmacy
Certain patients who received services from College Parkside Pharmacy and/or College Hometown Pharmacy in New York state are being notified about a recent security incident that potentially involved unauthorized access to their protected health information. The pharmacies are operated by Albany College of Pharmacy and Health Sciences, which previously announced the security breach; however, the HHS’ Office for Civil Rights has only recently been notified. The OCR breach portal indicates the incident affected 9,742 individuals who received services from College Hometown Pharmacy and 5,736 individuals who received services from College Parkside Pharmacy.
According to the breach notice, unusual activity was identified within its computer network on or around September 14, 2024. External cybersecurity specialists were engaged to assist with the investigation and confirmed unauthorized network access between August 31, 2024, and September 14, 2024. A limited amount of data was exfiltrated during that time, in what was described as “a sophisticated cybersecurity incident”.
The delay in issuing notifications was due to the time taken to review the affected files. That process was completed on May 30, 2025, and notification letters started to be mailed on June 16, 2025. No evidence of data misuse has been identified; however, the following data was exposed and potentially stolen: First and last name, plus one or more of the following: date of birth, birth certificate, account number, routing number, security code, marriage certificate, mother’s maiden name, digital signature, passport number, government identification number, Social Security number, taxpayer ID number, driver’s license number, payment card number, payment card expiration date, alien registration number, username and password, health insurance information, medical record number, mental or physical condition, diagnosis/treatment information, procedure type, provider name, prescription information, biometric data, and student information. Albany College of Pharmacy and Health Sciences said additional cybersecurity safeguards are being implemented to prevent similar incidents in the future.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Meridian Valley Laboratories
Meridian Valley Laboratories in Tukwila, Washington, is investigating a security incident that was discovered on July 3, 2025. The investigation has so far revealed that there was unauthorized access to its network between May 30, 2025, and July 3, 2025. During that time, files were copied from its network. They are currently being reviewed to determine the individuals affected and the types of information involved.
At this stage of the investigation, it is too early to tell how many individuals have been affected. The breach has been reported to the HHS’ Office for Civil Rights using a placeholder figure of 501 affected individuals. Meridian Valley Laboratories said notification letters will be mailed to the affected individuals as quickly as possible when the file review is completed, and they will be informed about the exact types of information involved.
In the meantime, all individuals who used Meridian Valley Laboratories have been advised to remain vigilant against identity theft and fraud by reviewing their accounts, explanation of benefits statements, and credit reports for suspicious activity.
