Like other companies, Genentech has a patient support program to assist patients who cannot afford needed medications. Unhappily, the patient support program data, maintained by an unnamed vendor, was breached. Genentech reported the breach to the New Hampshire Attorney General’s Office on September 29, noting that they had been informed of the breach on August 17.
According to Robert Glaser, the firm’s Chief Privacy officer, data maintained by the unnamed vendor included patients’ names, addresses, dates of birth, phone numbers, e-mail addresses, drivers’ license numbers, Social Security numbers, medical information, and health insurance information.
The wealth of information poses a significant risk of identity theft, and although the firm doesn’t believe the data will be misused, the firm offered those affected free credit monitoring protection in its letter dated September 30.
Significantly, perhaps, Genentech refers to the vendors’ computers (plural) having possibly been accessed. It that is the case, the total number of individuals affected could be a lot higher than the 10 people affected in New Hampshire.
Eventually, we may see this breach on HHS’s breach tool, at which time the number affected and the name of the vendor will be disclosed. Unless, of course, the total number is less than 500.
Update: Threat Post puts the number at 3,500.