Walmart vendor error exposed limited patient information

Walmart, who reported a breach involving pharmacy records in March, has disclosed another breach to HHS. This one, reported June 8, reportedly affected 27,393 patients. Thankfully, it does not seem to have exposed particularly sensitive information.

DataBreaches.net asked Walmart for a statement describing the incident, and received the following statement:

Recently, we learned that the company that processes our patient refund checks experienced a printing error.

This error caused incorrect information to be printed on the letters that accompanied the refund checks sent to customers. As a result, the mailing a customer received may have included another individual’s information, limited to: (1) name, (2) a pharmacy prescription number or an optical order number, (3) the order date, and (4) a refund amount. The city and state of the Walmart or Sam’s Club visited also was included. It should be noted that no Social Security numbers, driver’s license numbers, financial information, insurance information, addresses, telephone numbers, date-of-birth, or prescription names were disclosed and no electronic information of any kind was affected.

These letters are dated May 13, 2016 and were sent on May 15, 2016. We were informed of the printing error on May 20, 2016 and immediately began looking in to the matter with the company that handled these mailings. We are also reviewing policies and procedures with them to prevent this error from occurring again. Although we do not anticipate any harm to patients and have no indication the information was misused, out of an abundance of caution, we have notified any customers who may have been affected.

While we do not take this lightly, it is important to note that the information that was disclosed is highly unlikely to lead to any fraudulent activity by those who received the letter.

The checks customers received are legitimate and correct. It is a refund they are entitled to receive and should feel assured to cash and utilize it. We will be following up with patients who do not cash their checks to help ensure that all refunds are effectively received. If customers would like to contact us to confirm or replace the check, they should call 1-866-788-5580.

We place great value in our customers’ trust and take this matter very seriously.  We are fully committed to protecting the privacy and security of our customers’ personal information.

 

About the author: Dissent