Cyber Incident Victim: Guardian Pharmacy of Jacksonville
Date:
Oct 2017
Location:
United States of America
Summary
Guardian Pharmacy of Jacksonville experienced unauthorized access to an employee email account, compromising protected health information including patient names, prescription details, treatment data, and diagnoses for 11,521 individuals; a limited subset also had Social Security numbers and health insurance information exposed. The organization responded by securing the account, initiating an internal and third-party forensic investigation, enhancing password policies, providing employee training, and notifying affected patients and regulatory bodies. While no misuse of information was confirmed, impacted individuals were offered credit monitoring services and guidance to monitor accounts for suspicious activity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 3, 2017, Guardian Pharmacy of Jacksonville detected unusual activity within an employee email account, prompting an immediate internal investigation supported by a third-party forensic firm. The investigation, which concluded on February 14, 2018, determined that unauthorized individuals had gained access to protected health information stored within the compromised email account. The exposed data included patient names, prescription medication details, treatment information, and diagnosis records. A smaller subset of 11,521 affected individuals also had their Social Security numbers and health insurance information potentially accessed. Guardian could not confirm whether the unauthorized party actually viewed or exfiltrated any data but acknowledged the information was accessible during the breach window. No evidence of actual or attempted misuse of the compromised information was identified during the investigation.
Following the confirmation of unauthorized access, Guardian implemented several containment and mitigation measures. The organization immediately reset credentials for the affected email account and augmented its password security policies while providing additional employee training to prevent similar incidents. Notification letters were mailed to all impacted patients after the investigation concluded, advising them to review account statements, insurance records, and explanation of benefits forms for suspicious activity. Guardian established a dedicated toll-free inquiry line operational until June 30, 2018, to address patient concerns. The pharmacy offered complimentary credit monitoring and identity restoration services exclusively to individuals whose Social Security numbers were exposed. Regulatory disclosures were made to the U.S. Department of Health and Human Services, the Florida Attorney General’s office, and major consumer reporting agencies on March 30, 2018, nearly six months after the initial detection and five weeks after confirming the data exposure.