25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Medicap Pharmacy Warns Des Moines Customers of Potential Data Breach

Posted By on Feb 5, 2016

The Medicap Pharmacy, a franchise of pharmacy stores operating in 28 U.S. states, has announced a data breach that impacts customers who visited one of its pharmacies in Des Moines.

Customers who filled prescriptions between June 2014., and November 3, 2015., at the Medicap Pharmacy located at 2804 Beaver Ave, Des Moines, Iowa, may have had some of their protected health information exposed.

Affected individuals are being notified by mail of the data breach, which exposed customer names, home addresses, contact telephone numbers, dates of birth, Social Security numbers, insurance information, prescribed medications, cost of those medications, and prescriber information.

The data were stored on a portable external hard drive which was accidentally disposed of on November, 5, 2015. While it was known that the hard drive contained sensitive information of some of its customers, the pharmacy initially thought that those data had been encrypted. While that appears to have been the case for some customers, not all data stored on the drive were protected with encryption. Medicap Pharmacy discovered that to be the case on December 3, 2015.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Since the data that were exposed could potentially be used for nefarious purposes, Medicap will be offering affected customers a year of identity theft protection services through Kroll without charge. These services are being offered out of an abundance of caution. The pharmacy does not believe any data have been obtained by criminals or viewed by any unauthorized individuals; however, the portable hard drive has not been recovered. All affected customers should therefore exercise caution and obtain credit reports from the three main credit monitoring agencies. Since insurance information has been exposed, affected customers should also check Explanation of Benefits (EoB) statements from their health insurers.

Medicap Pharmacy has advised customers to report any instances of suspected identity theft to their local law enforcement department, and file a report with the state attorney general.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist