DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Walmart vendor error exposed limited patient information

Posted on June 16, 2016 by Dissent

Walmart, who reported a breach involving pharmacy records in March, has disclosed another breach to HHS. This one, reported June 8, reportedly affected 27,393 patients. Thankfully, it does not seem to have exposed particularly sensitive information.

DataBreaches.net asked Walmart for a statement describing the incident, and received the following statement:

Recently, we learned that the company that processes our patient refund checks experienced a printing error.

This error caused incorrect information to be printed on the letters that accompanied the refund checks sent to customers. As a result, the mailing a customer received may have included another individual’s information, limited to: (1) name, (2) a pharmacy prescription number or an optical order number, (3) the order date, and (4) a refund amount. The city and state of the Walmart or Sam’s Club visited also was included. It should be noted that no Social Security numbers, driver’s license numbers, financial information, insurance information, addresses, telephone numbers, date-of-birth, or prescription names were disclosed and no electronic information of any kind was affected.

These letters are dated May 13, 2016 and were sent on May 15, 2016. We were informed of the printing error on May 20, 2016 and immediately began looking in to the matter with the company that handled these mailings. We are also reviewing policies and procedures with them to prevent this error from occurring again. Although we do not anticipate any harm to patients and have no indication the information was misused, out of an abundance of caution, we have notified any customers who may have been affected.

While we do not take this lightly, it is important to note that the information that was disclosed is highly unlikely to lead to any fraudulent activity by those who received the letter.

The checks customers received are legitimate and correct. It is a refund they are entitled to receive and should feel assured to cash and utilize it. We will be following up with patients who do not cash their checks to help ensure that all refunds are effectively received. If customers would like to contact us to confirm or replace the check, they should call 1-866-788-5580.

We place great value in our customers’ trust and take this matter very seriously.  We are fully committed to protecting the privacy and security of our customers’ personal information.

 

No related posts.

Category: ExposureHealth DataPaperSubcontractorU.S.

Post navigation

← Update on Chicago employees’ retirement account breach
IE: Police officer cleared of leaking personal details used in virtual reality dispute →

2 thoughts on “Walmart vendor error exposed limited patient information”

  1. Harry Van Court says:
    June 17, 2016 at 10:26 am

    So was the error at the printing company or in the data files provided to the vendor? In such situations either is real possibility, but is very easy to blame an unnamed vendor. The company will not likely let us know, but knowing that the company is truly trying to identify the failure point would be great.

    I truly appreciate the information you provide on this site and I reference it (and your site) to folks in the security, audit, and privacy area here. Thank for the time an effort you make on this site.

    1. Dissent says:
      June 17, 2016 at 12:49 pm

      As you note, it could be either, but this one reads like it was the vendor’s error because they reviewed the vendor’s policies and procedures and not their own. 🙂

      And thank you so much for the kind words about this site.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
  • Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier
  • Computer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach
  • Ministry of Defence data breach timeline
  • Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan
  • A year after cyber attack, Columbus could invest $23M in cybersecurity upgrades
  • Gravity Forms Breach Hits 1M WordPress Sites
  • Stormous claims to have protected health info on 600,000 patients of North Country Healthcare. The patient data appears fake. (2)
  • Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)
  • A Balancing Act: Privacy Issues And Responding to A Federal Subpoena Investigating Transgender Care
  • Here’s What a Reproductive Police State Looks Like
  • Meta investors, Zuckerberg to square off at $8 billion trial over alleged privacy violations
  • Australian law is now clearer about clinicians’ discretion to tell our patients’ relatives about their genetic risk
  • The ICO’s AI and biometrics strategy
  • Trump Border Czar Boasts ICE Can ‘Briefly Detain’ People Based On ‘Physical Appearance’

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.