PHI of Consumers Compromised in Theft Incidents at Cub Pharmacies

A pharmacy chain reported that looters stole the protected health information (PHI) of some of its clients at the end of May at the time of civil unrest.

From May 27 and May 30, 2020, intruders broke into 8 Cub pharmacies established in the Minneapolis area and stole stuff, such as documents with the protected health information of its consumers. Things obtained from the store included secured safes that had credit card authorization papers and prescription medications that were ready and were waiting to be picked up. Binders made up of printed files of former prescription medications and requests that were being processed were likewise taken from 6 pharmacies established in St. Paul and Minneapolis.

The details on the credit card documents were the name of the cardholder, expiry date, credit card number, and transaction amount. No CVV code was included which is necessary to buy things over the phone. These documents simply pertained to persons who had chosen to have the medications sent by mail or shipped, not for consumers who paid using a credit card personally in a pharmacy.

Cub learned the stolen objects quickly upon going inside the stores between May 28 and 30. Watching the CCTV footage confirmed the theft of other consumer details when the outlets were broken into. If possible, clients affected by the breach were alerted right away, even though it wasn’t possible to ascertain all affected clients in that manner, as it wasn’t possible to know which consumers’ PHI was listed in the taken binders.

The consumer data taken by the looters were restricted and had no types of data used by identity thieves. Cub thinks that affected persons are not vulnerable to identity theft; nonetheless, as a precautionary measure, all impacted people are being advised to examine their financial statements and explanation of benefits statements for clues of information misuse. No incidents of misuse of consumer data were received thus far.

Cub is the 4th pharmacy store to report the compromise of consumer details in recent theft situations. CVS Pharmacy (21,289 persons), Walgreens (72,143 persons), and Kroger (10974 persons) also reported breaches. As per the DEA, around 1 / 3 of the 476 retail pharmacies located in Philadelphia were robbed and numerous pharmacies in other locations all over the U.S.A. have also encountered harmful attacks and have had prescription medications and other objects ripped off.