Share this article on:
Approximately 10,000 patients of Raley’s Pharmacy are being notified that some of their protected health information (PHI) has potentially been compromised.
On September 24, 2018, a laptop computer was stolen from a Raley’s pharmacy that may have contained some patients’ PHI.
Raley’s pharmacy immediately launched an investigation to determine what information was stored on the device. Interviews were conducted with staff members who had used the device in an attempt to understand the types of content that may have been exposed. The email accounts of employees were also checked for attachments and links to documents that contained ePHI, to determine which files had been downloaded or were stored in cache files in a temporary directory on the laptop.
After careful analysis, Raley’s Pharmacy was able to determine that the only patients affected by the security incident were those that had visited a Raley’s, Bel Air, and Nob Hill Foods pharmacy between January 1, 2017 and September 24, 2018 to have prescriptions filled.
An analysis of the files which had potentially been downloaded to the laptop confirmed that highly sensitive information such as Social Security numbers, addresses, credit card information, and driver’s license numbers had not been compromised. The breach was limited to first and last names, gender, dates of birth, visit dates, pharmacy location visited, medical condition, prescription information, and health plan ID numbers.
Since Health plan/insurance information has potentially been exposed, affected patients have been advised to monitor their Explanation of Benefits statements for any sign of fraudulent activity.
The security incident has prompted Raley’s Pharmacy to implement encryption on all laptops to prevent data access by unauthorized individuals should further theft incidents occur. Additional security controls are also being evaluated.