Cyber Incident Victim: Century Specialty Script, LLC

Century Specialty Script, LLC, a New York-based specialty pharmacy, disclosed a data security incident involving unauthorized access to one employee’s Microsoft Office365 account. The breach was discovered on or around July 28, 2020, prompting immediate containment actions. Century terminated the intruder’s access by resetting the compromised account’s password. While no other employee accounts were confirmed as compromised, the company proactively changed all employee passwords as an additional safeguard. The investigation determined the incident was isolated to the Office365 environment, with no evidence of broader system infiltration. Century did not specify the exact timeframe during which the unauthorized access occurred prior to detection. The compromised account potentially exposed sensitive customer and patient information stored within the Office365 platform.

The compromised data included protected health information such as names, dates of birth, addresses, contact details, prescription information, and insurance details. Century confirmed financial information and Social Security numbers remained unaffected. The company initiated notification letters to impacted individuals starting September 25, 2020, approximately two months after discovering the breach. No evidence suggested misuse of the accessed data prior to containment. Century’s response focused on securing the compromised account, validating the incident scope, and informing affected parties without providing specifics about forensic methodologies or attacker attribution. The incident highlighted risks associated with single-account compromises in cloud-based productivity suites housing sensitive healthcare data.