Email Account Breach at Ron’s Pharmacy Services

by | Feb 14, 2018

Ron’s Pharmacy Services , based in San Diego, has reported that an email account that held limited protected health information has been accessed by an unknown person.

Suspicious activity was noticed on a staff member’s email account on October 3, 2017 leading to an investigation; however, it was not until December 21, 2017 that it was discovered that an unauthorized person had accessed messages in the email account that included patient data.

A review of the emails in the account indication only a limited amount of PHI was accessed: Names, internal account details, and payment adjustment information, while a restricted number of patients also had details of their prescription medications accessed. While PHI access was discovered, Ron’s Pharmacy is unaware of any misuse of patient data. Ron’s Pharmacy has now alerted patients about the breach and reported the incident to the appropriate bodies.

In its February 2 substitute breach notice, Ron’s Pharmacy described how rapid action was taken to safeguard the account and prevent additional access. Login credentials were altered, and a third-party computer forensics company was contracted to complete a thorough investigation to determine the manner of the attack, its scope, and how access to the account was obtained.

Staff members have received additional training while policies and procedures have been refreshed to enhance defenses against future cyberattacks of this manner.

The breach report sent to the Department of Health and Human Services’ Office for Civil Rights (OCR) show 6,781 people were affected by the breach.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy