Cigna

Cigna, headquartered in the United States of America, operates as a major health services organization. Its activities include the management of pharmacy benefits through its Express Scripts subsidiary, which provides a mobile application for customers to access prescription information. This application facilitates the viewing of medication details, prescription numbers, dosages, prescribing physicians, and pharmacy names, positioning the company within the healthcare and insurance sector. The organization handles sensitive personal and protected health information as a core part of its service delivery, subjecting it to specific regulatory frameworks like the Health Insurance Portability and Accountability Act. Its business model revolves around administering health benefits and processing prescription data for a large customer base, though the exact scale of its operations is not detailed in the provided information. The existence of the Express Scripts mobile platform confirms a significant technological footprint for customer engagement in the pharmacy benefit management space.

A notable incident in April 2022 involved unauthorized third parties accessing customer accounts within the Express Scripts mobile application using valid credentials. This security event compromised a range of personal and protected health data, including names, specific medication details, prescription numbers, dosages, prescribing physician information, and associated pharmacy names. The breach triggered an immediate response from the organization, including the lockdown of affected accounts and mandatory password resets for users. Cigna also advised impacted individuals to change credentials on other external platforms where the same passwords might have been used, highlighting concerns about credential reuse. The total number of individuals affected by this incident was not conclusively determined at the time of reporting. As a HIPAA-regulated entity, this event underscores the critical nature of safeguarding health information within its operational framework and the potential regulatory repercussions of such a compromise. The incident specifically involved the systems of its Express Scripts subsidiary, illustrating the integrated yet distinct operational structures within the broader corporate organization.