Email Hack Sees PHI of 53,000 Pharmacy Patients Exposed

53,173 patients who received services from Onco360 and CareMed Specialty Pharmacy have been notified that some of their protected health information has been compromised.

A security breach was suspected on November 14, 2017, when suspicious activity involving an employee’s email account was detected.

Third party computer forensics experts were called in to conduct an investigation to determine the nature and scope of the breach. On November 30, it was determined that the breach involved three email accounts.

An analysis of the emails in those accounts revealed some messages contained the PHI of patients, which could potentially have been accessed and stolen by the hacker.

The information potentially compromised included names, demographic information, clinical information, details of medications provided by the pharmacy, Social Security numbers, and health insurance information. A limited number of patients may also have had some financial information exposed.

No reports have been received to suggest any protected health information has been misused, although patients have been advised to exercise caution and check their credit reports, billing statements, and Explanation of Benefit statements for any sign of fraudulent activity. Patients have also been offered complimentary credit monitoring and identity theft protection services through ID Experts for 12 months.

The security breach appears to have occurred as a result of employees opening phishing emails. All staff have now received further training to help them recognize malicious emails and email security controls have been improved to prevent future attacks.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.