The Kroger Co. is advising customers of its pharmacy and Little Clinic of a data security breach in which patient names and personal information were accessed illegally, according to multiple media outlets.
The data breach notice was issued as a violation of federal health law known as HIPPA (the Health Insurance Portability and Accountability Act of 1996), according to Cincinnati.com.
Kroger, which has pharmacies in the Atlanta metro area, was notified of the breach Jan. 23, according to Cincinnati.com, and it did not affect grocery store data or Kroger IT data, according to a Kroger release. Kroger has created a website for information about the breach.
The Cincinnati-based grocery chain is offering free credit monitoring to anyone affected by the breach.
Information accessed included the following data, according to Cincinnati.com:
— Patient names
— Email addresses
— Phone numbers
— Home addresses
— Dates of birth
— Social Security numbers
— Information used to process insurance claims
— Prescription information such as prescription number, prescribing doctor, medication names and dates, medical history, as well as certain clinical services, such as whether the patient was ordered a flu test.
An unauthorized person gained access to Accellion, a software company formerly used by Kroger, to securely transfer files, Cincinnati.com reported.
The unknown person accessed certain Kroger files by exploiting a vulnerability in the file transfer service, according to the Kroger release.
Kroger stopped using Accellion’s services after being informed of the incident.
Kroger said the incident affected beneficiaries under The Kroger Co. Health and Welfare Benefit Plan, and The Kroger Co. Retiree Health and Welfare Benefit Plan, according to Cincinnati.com.
Potentially affected customers are in the process of being notified by Kroger.
The data breach potentially affects The Little Clinic, Kroger Pharmacies as well as its other family of pharmacies operated by Ralphs Grocery Company and Fred Meyer Stores Inc., Cincinnati.com reported.
The affiliated pharmacies possibly affected also include Jay C Food Stores, Dillon Companies LLC, Baker’s, City Market, Gerbes, King Soopers, Quality Food Centers, Roundy’s Supermarkets Inc., Copps Food Center Pharmacy, Mariano’s Metro Market, Pick N Save, Harris Teeter LLC, Smith’s Food and Drug, Fry’s Food Stores, Healthy Options Inc., Postal Prescription Services, Kroger Specialty Pharmacy Holdings and Inc.
Source: https://www.ajc.com/news/breaking-kroger-advises-customers-of-data-breach-affecting-pharmacy/R44FKCSVLNDTJHA53ON36HO2CA/?&web_view=true