Pharmacy customers of ShopRite Supermarkets, Inc. have been impacted by a security violation caused by the improper disposal of a device used to record the signatures of customers.
The device was used at the ShopRite, Kingston, NY location during the time period from 2005-2015 and saved personal and medical details. Customers who went to the pharmacy to have prescriptions filled between 2005 and 2015 have potentially been affected by the breach incident. For those particular customers, the device stored information including names, phone numbers, prescription numbers, dates and times of pickup or delivery, zip codes, medication names, and signatures of customers.
This device was also used for customers who required an over-the-counter product containing pseudoephedrine. Those particular customers have had their driver’s license number, zip code, details of the product and personal and medical details accessed exposed.
In the substitute breach notice made public on the Wakefern Food Corp., website, customers have been told that the device was disposed due to an error in February 2016, although ShopRite only confirmed that a data security breach had been experienced during October 2017.
ShopRight has not been contacted with any reports to suggest the information on the device has been accessed or used in an inappropriate manner, although customers have been warned to monitor closely their Explanation of Benefits statements from their insurers for any proof of fraudulent use of their data. Customers have also been advised to monitor their financial accounts for any proof of potential fraud, although ShopRite does state out that their Social Security credentials and financial data were not exposed.
ShopRite has moved to address the to the incident by looking over its security policies with regard to devices that record and save personal information and the removal and secure deletion of data from those devices before they are disposed of. Privacy and security guidance has also been provided to all pharmacy workers to help stave off additional further security breaches like this one.
All of those individuals impacted by the security breach have now been contacted by mail. The breach report issued to the Department of Health and Human Services’ Office for Civil Rights shows that 12,172 customer of ShopRite have been impacted by the improper device disposal breach.