PHI of 53,000 Pharmacy Patients Exposed in Email Hack

by | Jan 24, 2018

The protected health information of 53,173 patients who received services from Onco360 and CareMed Specialty Pharmacy has been compromised in an email hacking attack.

The patients were notified after a security breach when suspicious activity involving an employee’s email account was discovered on November 14, 2017.

Third party computer forensics consultants were contracted to conduct an investigation to determine the nature and scope of the HIPAA violation. On November 30, it was reported that the breach has involved three email accounts.

A review of the emails in those accounts showed some messages included the PHI of patients, which could possibly have been seen and obtained by the hacker.

The information possibly included names, demographic information, clinical data, details of medications supplied by the pharmacy, Social Security details and health insurance information. A small number of patients may also have had some financial details accessed.

No reports have been made to suggest any protected health information has been improperly used, although patients have been warned to exercise caution and check their credit reports, account statements, and Explanation of Benefit statements for any evidence of fraudulent activity.  Complimentary credit has also been offered to patients to provide monitoring and identity theft protection services through ID Experts for one year.

The security violation seems to have occurred due to employees opening phishing emails. All employees have now received further guidance to help them recognize malicious emails and email security measures have been enhanced to prevent future breaches.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy