Cyber Incident Victim: Ron's Pharmacy Services
Date: Oct 2017
Location: United States of America
Summary
An unauthorized actor accessed an employee email account at Ron’s Pharmacy Services, leading to the compromise of limited patient information including names, internal account numbers, payment adjustments, and prescription details for some individuals. The organization secured the account promptly upon detecting the incident, initiated an internal and third-party forensic investigation, and confirmed unauthorized access to protected health information. Impacted patients were notified, and regulatory disclosures were made, though no misuse of the exposed data—which excluded Social Security numbers, financial account details, or insurance information—was identified. The pharmacy implemented additional staff training and policy reviews to prevent future incidents while offering affected individuals a dedicated inquiry line for assistance.
Description
On October 3, 2017, Ron’s Pharmacy Services detected unusual activity within an employee email account, prompting an immediate internal investigation supported by a third-party forensic firm. The investigation confirmed on December 21, 2017, that an unauthorized actor had accessed patient information contained within the compromised email account. The exposed data included patient names, internal pharmacy account numbers, payment adjustment details, and prescription medication information for a limited subset of individuals. No evidence indicated actual or attempted misuse of the compromised information at the time of discovery. The pharmacy emphasized that Social Security numbers, financial account details, and health insurance information were not involved in the breach.

Ron’s Pharmacy responded by changing the affected email account credentials upon initial detection and completed its investigation within eleven weeks. The organization mailed notification letters to impacted patients on February 2, 2018, and concurrently disclosed the incident to the U.S. Department of Health and Human Services and the California Attorney General’s office. A toll-free privacy inquiry line, (855) 367-5406, operated during weekday hours from February until May 3, 2018, to address patient concerns. Internal measures included additional staff training and policy reviews aimed at preventing future incidents. Patients were advised to monitor pharmacy account statements, insurance records, and benefit explanations for suspicious activity, with instructions to report anomalies to relevant institutions. The pharmacy reported no confirmed instances of information misuse throughout its investigation and notification timeline.
