AllCare Plus Pharmacy, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

AllCare Plus Pharmacy, Inc., a specialty pharmacy located in Northborough, Massachusetts, experienced a data breach that was first discovered on June 21, 2022. The breach occurred when an unauthorized party gained access to the company’s computer system following a cyberattack, which was later identified as a phishing attack targeting multiple employees on April 14, 2022[1][5].

The compromised information included patients’ names, addresses, Social Security numbers, driver’s license numbers, financial account information, credit or debit card numbers, insurance information, and protected health information (PHI)[1]. The breach affected a total of 5,971 patients, including 15 Maine residents[3].

Upon confirming that consumer data was leaked, AllCare Plus Pharmacy began sending out data breach notification letters to all individuals who were impacted by the security incident on March 16, 2023[1]. The company also offered two years of credit monitoring services to impacted residents through Experian IdentityWorks and set up a call center for affected individuals to call if they have further questions about the incident[3].

AllCare Plus Pharmacy is owned by the larger healthcare software and services company IQVIA and employs more than 296 people, generating approximately $20 million in annual revenue[1]. The pharmacy provides a range of patient support services, specializing in complex medication management[1].

In response to the breach, AllCare Plus Pharmacy has implemented additional security measures, internal controls, and safeguards to prevent future incidents[9]. Affected individuals are advised to review the breach notice, enroll in the offered credit monitoring services, change passwords and security questions for online accounts, regularly review account statements, monitor credit reports, and consider contacting a credit bureau to request a temporary fraud alert[8].

Citations:

  1. https://www.jdsupra.com/legalnews/allcare-plus-pharmacy-inc-notified-4166898/
  2. https://www.biospace.com/article/releases/allcare-plus-pharmacy-introduces-renamed-business-divisions-access-services-and-hospital-solutions-as-part-of-strategic-reorganization/
  3. https://apps.web.maine.gov/online/aeviewer/ME/40/afad8db8-f984-4f0a-b933-5015ef9d7dea.shtml
  4. https://healthitsecurity.com/news/ma-pharmacy-falls-victim-to-email-phishing-attack-results-in-phi-exposure
  5. https://www.databreaches.net/allcare-plus-pharmacy-notifies-5971-patients-of-phishing-incident-last-year/
  6. https://www.mass.gov/doc/assigned-data-breach-number-29219-allcare-plus-pharmacy-inc/download
  7. https://allcarepluspharmacy.com/privacy/
  8. https://www.turkestrauss.com/2023/03/15/allcare-plus-pharmacy-data-breach-investigation/
  9. https://www.hipaajournal.com/three-healthcare-providers-report-phishing-attacks/
Breach Submission Date Mar 15, 2023
Converted Entity Name AllCare Plus Pharmacy, Inc.
Converted Entity Type Healthcare Provider
State MA
Individuals Affected 757
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes