PHI of 10,000 Patients of Raley’s Pharmacy Possibly Impacted in Laptop Theft

by | Oct 31, 2018

Around 10,000 patients of Raley’s Pharmacy are being contacted to inform them that some of their protected health information (PHI) has potentially been impacted in a data breach.

On September 24, 2018, a laptop computer was taken from a Raley’s pharmacy that may have held some patients’ private health information.

Raley’s pharmacy swiftly initiated an inquest to discover what information was stored on the laptop in question. Interviews with staff members who had used the device were carried out to try and understand the types of content that may have been impacted. The email accounts of staff members were also reviewed for attachments and links to documents that included ePHI, to determine which files had been downloaded or were stored in cache files in a temporary directory on the device.

After careful reviews, Raley’s Pharmacy was able to deduce that the only patients impacted by the security incident were those that had attended a Raley’s, Bel Air, and Nob Hill Foods pharmacy between January 1, 2017 and September 24, 2018 to have prescription orders fulfilled.

An audit of the files which had possibly been downloaded to the laptop showed that highly sensitive information such as Social Security numbers, addresses, credit card information, and driver’s license details had not been compromised. The breach was restricted to first and last names, gender, birth dates, visit dates, pharmacy location attended, medical condition, prescription information, and health plan ID account numbers.

As Health plan/insurance information has potentially been exposed, impacted patients have been warned to monitor their Explanation of Benefits statements for any sign of illegal activity.

The security incident has lead to Raley’s Pharmacy to adapting encryption on all laptops to stop data access by unauthorized persons should further theft incidents happen. Additional security controls are also being considered.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy