Walmart: Notice of Data Security Incident
On February 16, 2021, Walmart was informed by one of its suppliers that a data hosting service they used was compromised on January 20, 2021. An unauthorized party accessed the service and stole records from that service provider. Some of those records included information about a confined number of Walmart pharmacy patients. Walmart’s information systems were not affected by this incident, but we immediately began investigating to determine whether any personal information handled by our supplier was affected.
Our investigation revealed the information affected may have included some patient names, addresses, dates of birth, telephone numbers, information about medications such as drug name and strength, prescription numbers, prescriber information such as prescriber name, and dates associated with the prescription, such as fill dates. A very small number of heath insurance subscriber identification numbers also was impacted.
Walmart takes this matter very seriously and we are fully committed to protecting the privacy and security of our patients’ health information. Our supplier immediately stopped using the affected service. Although Walmart’s systems were not impacted, we will be reviewing our supplier’s security practices and monitoring the circumstances surrounding this event.
Walmart is sending individual notices to affected patients regarding this incident. If you have any questions, we encourage you to contact our dedicated call center at (855) 908-1012. As a reminder, please be vigilant when reviewing explanations of benefits and other information pertaining to you and always be cautious about requests to provide any personal or financial information over the phone, by text, or by email. Be sure to always verify the source of any request for such information.
Walmart places great value in its patients’ trust and we are fully committed to protecting the privacy and security of patients’ personal information.
Note: Walmart was sent an inquiry whether their report was in any way related to Accellion’s breach, but received no reply by publication time. This post may be updated if a reply is received.