Edgepark Medical Supplies in Ohio (RGH Enterprises) is notifying some patients that their personal information, including full credit card number in approximately 126 cases, may have been acquired in March 2013 due to a malware infection that evaded detection by their anti-virus software until December 2013. Upon discovery, the malware was removed and patients’ passwords were re-set.
The breach may have exposed patients’ names, postal, billing, shipping and email addresses, dates of birth, health insurance policy numbers, primary diagnoses, credit card numbers with expiration dates (but not CVV codes), Edgepark account usernames, passwords, and account numbers, and order histories.
The firm says they have no evidence of, nor any reports of any misuse of information, but is offering hose affected one year of AllClear ID service.
A copy of their template notification letter is available on the web site of Vermont’s Attorney General.