Raley’s Pharmacy is sending notifications to around 10,000 patients about the possible exposure of some of their protected information, which may have been stored on a laptop computer that was stolen on September 24, 2018.
When the theft was discovered, Raley’s pharmacy notified law enforcement and an investigation was launched to determine what, if any, sensitive information had been downloaded onto the laptop. To determine the types of information that had potentially been downloaded, Raley’s Pharmacy interviewed all employees who had used the device to find out what information was likely present. The email accounts of those employees were also analyzed to determine what files had potentially been downloaded and may have been stored in cache files on the laptop.
Raley’s Pharmacy reports that the information that may have been present on the device related to patients who had prescriptions filled at a Raley’s, Nob Hill Foods, or Bel Air Pharmacy between January 1, 2017 and September 24, 2018. The information in files that may have been downloaded was limited to full names, health plan ID numbers, birth dates, gender, location of the pharmacy visited by patients, the date(s) of the visit(s), prescription information, and the patients’ medical condition.
Because health plan information may have been exposed, Raley’s Pharmacy has recommended impacted patients monitor their Explanation of Benefits statements for signs of fraudulent activity.
Raley’s Pharmacy has now taken the decision to encrypt PHI on all of its laptops to prevent PHI exposure should any further laptops be lost or stolen.