Migliaccio & Rathod LLP is investigating pharmacies across the country for failing to safeguard sensitive patient information in an increasing number of cyberattacks that have occurred from 2020 to the present. These data breaches are usually caused by unauthorized access to pharmacies’ networks or employee email accounts through ransomware or phishing attacks, usually resulting in the exposure of patient information to hackers. Examples of the types of data exposed in such leaks include names, dates of birth, medical information including diagnosis and/or clinical treatment information, dates of services, health insurance information, Social Security numbers, driver’s license numbers, credit card numbers, and financial account information.
Although pharmacies usually notify patients that their information was affected, investigations into data breaches can take months, leaving sensitive information exposed without patients’ knowledge. In previous data breaches, victims of data theft had had their information posted on the dark web or viewed by hackers with little information about who accessed or viewed it. Victims of these types of data attacks may be forced to spend money out of pocket for credit monitoring or fraudulent charges to bank and hospital accounts. Some patients affected by data breaches may have noticed suspicious credit card charges, requests for services or loans in a patient’s name, medical procedures ordered without patient consent, and/ or disrupted medical care.
Have you received a data breach notification letter from a pharmacy within the past year?
If so, we would like to hear from you. Please complete the contact form on this page, send us an email at [email protected], or give us a call at (202) 470-3520.
Attorneys Committed to Consumer Protection
The lawyers at Migliaccio & Rathod LLP have years of experience in class action litigation against large corporations, including cases involving data breaches. More information about our current cases and investigations is available on our blog.
(February 7, 2022) Ravkoo Digital Pharmacy announced in January of 2022 that over 105,000 of its patients’ sensitive information was accessed by unauthorized actors in September of 2021 through the online pharmacy’s Amazon Web Services hosted prescription portal. The hackers accessed the pharmacy’s systems through a hidden administrator panel that any user could have used to view the website’s confidential data.
(February 11, 2022) Injured Workers Pharmacy announced in February of 2022 that over 75,000 of its patients’ sensitive information was compromised in a cyberattack on employee email accounts that occurred between January and May of 2021. Although the pharmacy hired data review specialists to check the emails and attachments in the compromised email accounts, notification letters were not sent to patients until February 3, 2022.