Century Specialty Script, LLC (“Century”) is a specialty pharmacy in New York. Yesterday, it disclosed a data security incident potentially impacting protected health information.
According to their press release, they do not know when it happened, but one employee’s Microsoft Office365 accounts was compromised. The intruder’s access was discovered on or about July 28, and the access what shut off by changing the account’s password. No other employees’ accounts were compromised, but to be on the safe side, all employees’ passwords were changed.
The investigation confirmed that not only was it just one O365 account compromised, but that the data security incident was limited to the O365 environment.
The data security incident may have resulted in unauthorized access to Century’s customers’ information including names, dates of birth, address, contact information, prescription information, and insurance information. Please note that financial information and Social Security numbers were not impacted by this incident.
Century began mailing letters on September 25.