Cyber Incident Victim: BioPlus Specialty Pharmacy Services

BioPlus Specialty Pharmacy Services, LLC experienced a network intrusion that permitted unauthorized access to its systems between October 25 and November 11, 2021. The specialty pharmacy provider detected the breach on November 11, 2021, though the specific method of intrusion remained undisclosed. No evidence of malware or ransomware involvement was identified in the incident. The compromised data included sensitive patient information such as names, dates of birth, addresses, and medical records, with Social Security numbers exposed for a subset of individuals. All current and former patients of BioPlus were considered potentially affected by the breach, indicating broad exposure of protected health information (PHI). The incident represented a significant compromise of personal and medical data, though the exact number of impacted individuals was not quantified in available disclosures.

In response to the breach, BioPlus implemented notification procedures by informing affected patients through undisclosed channels, likely consistent with standard HIPAA breach notification requirements. The company established a dedicated toll-free number to address patient inquiries regarding the incident. As a remedial measure, BioPlus offered credit monitoring services to all individuals whose data was exposed, a step aimed at mitigating potential financial fraud risks stemming from the compromised Social Security numbers and personal identifiers. The breach disclosure occurred contemporaneously with another unrelated healthcare sector incident involving Simon Eye Management, though no operational or investigative connection between the two events was indicated. BioPlus did not publicly disclose technical details regarding containment measures, forensic methodologies, or potential threat actor attribution in its initial notification.