Ron’s Pharmacy Services Email Account Breach Impacts 6,781 Patients

Ron’s Pharmacy Services in San Diego, CA discovered that an email account containing limited protected health information (PHI) of 6,781 patients was compromised. The pharmacy noticed suspicious activity on an employee’s email account on October 3, 2017. The matter was investigated, but it was not until December 21, 2017 that the employee account containing PHI was found to have been accessed by an unauthorized individual.

The employee’s email account contained limited PHI, including patients’ names, payment adjustment information and internal account numbers. Some patients’ prescription medication details were also included. Although access to patients’ PHI was confirmed, there have been no reports of misuse of the information. Ron’s Pharmacy has notified the patients and the Department of Health and Human Services’ Office for Civil Rights about the data breach impacting 6,781 patients.

In a substitute breach notice, Ron’s Pharmacy explained the immediate action it took to secure the account, including changing the login credentials to cut off further access. A third-party computer forensics company investigated the incident to determine the nature and scope of the attack. Employees were given further training, and policies and procedures were updated to improve defenses against cyber attacks.

Ron’s Pharmacy was informed by the computer forensics company that the attacker used software to conduct a brute force attack and guess the correct password. Hence, it is important for all employees to create strong passwords instead of short passwords that are easily guessed during brute force attacks. Another defense is limiting the number of incorrect login attempts and blocking access once that limit is reached.

Either use complex passwords or long passphrases. Complex passwords have a minimum of 8 characters combining special characters, numbers, upper case and lower case letters. NIST recommends using long passphrases. Passphrases are easier to remember than complex passwords and are still resistant to brute force attacks.
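The attempt-limiting defense mentioned above can be sketched as a per-account lockout with a sliding window. This is an added example, not code from Ron’s Pharmacy or its forensics firm; the class name, the thresholds and the event data are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Per-account lockout: too many failures in a window blocks all logins."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        # Assumed policy values: 5 failures in 5 minutes -> 15 minute lockout.
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)   # account -> timestamps of failures
        self.locked_until = {}               # account -> time the lock expires

    def attempt(self, account, ts, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt at time ts."""
        if ts < self.locked_until.get(account, 0):
            # While locked, even a correct guess is rejected, so continued
            # guessing gains the attacker nothing.
            return "locked"
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        q = self.failures[account]
        q.append(ts)
        while q and q[0] <= ts - self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self.locked_until[account] = ts + self.lockout
            q.clear()
        return "failed"

def replay(events, throttle=None):
    """Run (ts, account, password_ok) events through a throttle, in order."""
    throttle = throttle or LoginThrottle()
    return [throttle.attempt(acct, ts, ok) for ts, acct, ok in events]

# Constructed sample: one guess per second against one mailbox; the 41st
# guess (ts=40) carries the correct password.
SAMPLE_EVENTS = [(ts, "employee@example.test", ts == 40) for ts in range(60)]

if __name__ == "__main__":
    results = replay(SAMPLE_EVENTS)
    print({r: results.count(r) for r in ("failed", "locked", "ok")})
```

Keying the counter on the account rather than the source address means guesses spread across many addresses still count toward the same limit.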

Author: James Keogh