CVS data breach. It is one of the three famous pharmacies that experienced data breaches. What happened? And what should you know about data breaches?
CVS Data Breach Incident
The breach was not a lapse of security. Moreover, it was not a cyber attack neither. So, what is the cause of the CVS data breach?
The breach happened sometime on March 26, 2015. Then, CVS informed Moilan healthcare on July 20. But they informed the patients around September 17.
An ex-employee of the pharmacy stole the data. And it was a very destructive incident. Why?
It affected a total of 54,203 patients’ data. Thus, it compromised their health information.
Moreover, it affects many branches of the pharmacy. It also includes the current and former members of the following branches:
- California
- Florida
- Illinois
- Michigan
- New Mexico
- Ohio
- Texas
- Utah
- Washington
- Wisconsin
How did the CVS Data Breach happen?
Reports said that a former staff obtained the data inappropriately. How? He/she took the PHI of the patients. The employee emailed the data from the CVS computers to his computer.
Moreover, CVS still doesn’t know why the employee did that. However, they believe that the employee wants to get products from CVS.
On the other hand, there is no evidence of improper use of the stolen data. The data included:
- patients’ full names
- CVS ID
- CVS health card number
- birth dates
- addresses
- physician information
- member ID
- medicine plan number
- medicine plan state, start and end dates
Why healthcare breaches are common
There are three reasons why data breaches are common in healthcare providers like CVS.
- Security software is updated. Most healthcare providers have outdated antivirus software. Also, their management apps have security gaps. Many have not switched to centralized systems.
- Internal threat actors. Employee security training is vital. But, most companies skip this part. Besides, many companies have little restrictions to access of information.
- Healthcare data is expensive. The records are valuable. It involves phone numbers, full names, birthdates, and social security numbers. Also, it may even include credit or bank accounts. Thus, when posted in the black market, the hacker can earn big money.
What you can do
Are you a part of a company that experienced a data breach? Hence, you must be curious about what to do. Here are some tips.
- Be informed. Keep updated about the recent news on the data breach. Also, watch out for notices from your healthcare provider. Besides, you can track the activity of your accounts.
- Guard your valuable information. Check for unusual activities in your bank and card accounts.
- Place credit freezes or scam alerts. Whenever there’s a suspicious attempt in your account, your provider can freeze it. Thus, hackers can’t get your money.
- File a report. If the breach is confirmed, you can file a theft report to the FTC.
- Get your current copies of records. Get a complete list of your medical or financial records. So, you’ll see the data disclosures.
- Let your bank or healthcare provider know. They will help you take some other actions. Like changing your password or getting back the data.