A CVS employee stole drug benefits information from consumers enrolled in California-based Molina Healthcare’s overt-the-counter benefits program with the idea of stealing OTC drugs, Molina has told consumers. In a letter posted on the firm’s website, Molina warns current and former consumers that the employee sent a database full of their information to his personal computer. The database contained:
“Full Name; CVS ID; CVS ExtraCare Health Card Number; Member ID; Rx Plan Number; Rx Plan State; Start Date; and End Date,” Molina said.
The theft occurred on March 26. CVS notified Molina on July 20.
“This may put you at risk for identity theft. We think you should place a fraud alert on your credit file,” Molina warns its consumers.
The firms said it was offering affected consumers one free year of identity theft protection services.
“Molina Healthcare regrets this problem. CVS is replacing CVS ExtraCare Health Cards for affected individuals who are current Molina Healthcare members with an OTC benefit, unless your CVS ExtraCare Health Card was already replaced due to a change in your benefits plan,” the firm said.
Molina told SC Magazine that the data theft involves 55,000 consumers. CVS told SC that fraudulent purchases were attempted using 182 Texas-are Molina Medicare consumers, but not other fraud related to the incident has been discovered.
Molina Heathcare joins a long list of health care organizations that have suffered breach incidents this year due to unintended email or the mishandling of sensitive data. Given HIPAA and HITECH privacy regulations concerning the protection of PII (personal identifiable information) and ePHI (electronic patient health information), care providers, insurers and retailers need to rethink how they are securing data while advancing the necessary and timely access to medical records, said data leakage expert Scott Gordon, COO of FinalCode, a Silicon Valley file security company.