DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

Molina Healthcare notifies members that CVS employee stole some of their PHI for fraudulent purposes (Updated)

Posted on September 21, 2015September 23, 2015 by Dissent

Molina Healthcare is notifying members of a breach of protected health information (PHI) involving an employee of their vendor, CVS. In a letter dated September 17, they write:

This is to let you know that CVS, Molina Healthcare’s Over-the-Counter (OTC) benefits vendor, told us on 7/20/15 about a breach of your protected health information (PHI). This is to tell you about this incident and what you can do to protect yourself from potential harm.

On or about 3/26/15, a former CVS employee took PHI from CVS’ computers and sent it to his personal computer. CVS believes he did this to fraudulently obtain OTC products from CVS. Upon learning of this incident, CVS took prompt action to investigate this issue. No fraudulent use of your PHI has been found. The PHI involved in the breach is as follows: Full Name; CVS ID; CVS ExtraCare Health Card Number; Member ID; Rx Plan Number; Rx Plan State; Start Date; and End Date.

This may put you at risk for identity theft.

Huh? How? Unless they mean medical identity theft? But it seems they don’t mean medical identity, because they continue:

We think you should place a fraud alert on your credit file. A fraud alert tells creditors to call you before opening any new accounts.

You can read the full notification letter here.

I have no idea how these data types could be used for identity theft that would require a fraud alert or anything other than checking EOBs for a while. No date of birth and no social security number (unless CVS uses SSN for CVS ID or Molina Healthcare uses SSN for Member ID…?)

Update: This incident was subsequently reported to HHS as affecting 54, 203.

Related Posts:

  • Molina breach on patient data (updated)
  • Molina Medicare enrollees notified of RxAmerica…
  • VA: Fairfax County Health notifies 1,499 patients…
  • YMCA says someone stole computer with members' data
  • Shands notifies individuals of information breach

Post navigation

← Should Hacked Feds Lose Security Clearance?
Former Morgan Stanley adviser pleads guilty to stealing clients’ information →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • Update: Cardiovascular Consultants Ltd. ransomware attack reportedly affected 500,000 patients, guarantors, and staff
  • Data breach by Addenbrooke’s Hospital reveals patient information
  • Millions of patient scans and health records spilling online thanks to decades-old protocol bug
  • Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)
  • Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
  • CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)
  • Seeking clarification on Maine’s data breach notification statute
  • East River Medical Imaging notifies 605,809 patients of breach

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net