Data Security Incident
RXLTC, PLLC (“RXL”) and Prescription Pharmacy, PLLC (“PP) (collectively “RXLTC”) own two pharmacies located in the State of Washington, RX Pharmacy, LTC and RX Pharmacy, respectively. On or about October 15, 2020, RXLTC detected suspicious activity within its email network environment. It was discovered that a business email may have been compromised on or about October 6, 2020. RXLTC immediately engaged a third-party forensic specialist to assist RXLTC in its analysis of any unauthorized activity. Through its investigation, it was determined that RXLTC business email accounts may have been compromised by an unauthorized third-party.
Out of an abundance of caution, RXLTC undertook a comprehensive and time-sensitive review of all of the files that could have been impacted, and to determine the scope of the breach. This review was completed on or about March 5, 2021, and determined that protected health information and/or personal information relating to patients was present within the email accounts that may have been compromised.
Although RXLTC found no evidence that any information has been specifically accessed for misuse, it is possible that patients’ name, address, date of birth, medical conditions/diagnosis, medications, medical treatment information, biometric data, driver’s license number, and/or state ID number, and for some, financial account numbers, payment card numbers and/or social security numbers could have been exposed. This information may have been located in one of the email mailboxes of the compromised accounts. A review of the activity of the unauthorized actor did not reveal any specific access to this information.
RXLTC has not received any reports of related identity theft since the date that the potential compromise was initially detected.
The security, privacy, and confidentiality of personal information are among RXLTC’s highest priorities. Upon detecting this incident, RXLTC moved quickly to initiate incident response, which included conducting an investigation with the assistance of third-party forensic specialists and confirming the security of our email environment. RXLTC is taking steps to enhance the security of our systems, and have reviewed and altered our policies and procedures relating to the security of our systems.
RXLTC mailed notification letters to the potentially impacted individuals, which includes information about the incident and steps potentially impacted individuals can take to monitor and protect their personal information. The call center is available Monday through Friday from 9:00 am to 9:00 pm Eastern Time, and can be reached at 1-877-536-9731. In addition, and out of an abundance of caution, we are offering complimentary credit monitoring services through IDX to potentially impacted individuals at no cost to them. While we are unaware of any misuse of your information as a result of this incident, we are offering you 12 months of free credit monitoring.
The privacy and protection of personal information is a top priority, and we sincerely regret any inconvenience this incident may cause.