Kroger advises clients of its pharmacy and small clinic about a data security breach in which patient names and personal information were illegally accessed, according to multiple media outlets. The Data Breach Notice was issued as a violation of a federal health law known as HIPPA (Health Insurance Transportation and Accountability Act of 1996), according to Cincinnati.com.
In this regard, Kroger, who has pharmacies in the metro Atlanta area, was notified of the breach on January 23, and it didn’t affect the grocery store data or Kroger IT data, according to a Kroger release. Kroger created a website for information about the hack.
The Cincinnati-based grocery chain offers free credit monitoring to anyone affected by the breach. The information accessed included the following data, according to Cincinnati.com:
Names of patients, Email addresses, phone numbers, Home addresses, Birth dates, Social Security numbers and Information used to process insurance claims.
Prescription information such as the prescription number, doctor prescription, medication names and dates, medical history, as well as some clinical services, such as whether the patient has requested a flu test. Kroger said they believes that less than 1% of its customers were affected – specifically some using health and money services – as well as some current and former employees because apparently a number of employee records were shown.
The company, which has 2,750 retail grocery stores and 2,200 pharmacies nationwide, stated in response to questions from the Associated Press that an investigation into the scope of the breach is underway.
“Federal law requires organizations that handle personal healthcare information to report any data breaches to the Department of Health and Human Services. Kroger said they were among the victims of the December hack of a file transfer product called FTA developed by Accellion, a California-based company, and that it was notified of the incident on January 23, when it stopped using Accellion’s services. Companies use a file transfer product to share large amounts of data and bulky email attachments.
While, the official has stated that an anonymous person accessed certain Kroger files by exploiting a vulnerability in the file transfer service, according to a Kroger release. In this regard, Kroger said the accident affected beneficiaries under the Kroger Corporation’s Health and Welfare Benefits Scheme, and the Kroger Corporation’s Healthcare and Retirement Care Plan. Potentially affected clients are in the process of being notified by Kroger. The data breach was likely to affect The Little Clinic and Kroger Pharmacies as well as the other family of pharmacies run by Ralphs Grocery Company and Fred Meyer Stores Inc. Former President Donald Trump is among Dai’s clients, but the criminals told the AP via email that none of the data was related to him. The Associated Press reached out to the criminals with questions via email on the dark site as they posted documents stolen from the law firm. What are your thoughts on it? Let us know in the comment section below!