Walgreens company announces data breach

Personal health data, Social Security numbers at risk

A Walgreens healthcare company has notified patients and employees of a data breach after computer hardware and other paper records containing the personal health information and Social Security numbers of patients was stolen. 

Anaheim, Calif.-based Crescent Healthcare mailed out letters to patients and employees Feb. 21, notifying them of the theft which occurred Dec. 28, 2012. According to the letter, an unknown person or persons broke into Crescent's billing center and stole the hardware, which may have contained patient names, addresses, phone numbers, Social Security numbers, health insurance data, dates of birth and clinical diagnoses. The group notified authorities three days later. 
 
[See also: Georgia hospice group sees data breach.]
 
"We are very sorry this happened, and we are cooperating with law enforcement to further investigate this incident," writes Paul Mastrapa, president of Crescent Healthcare, in the letter. "Additionally, we have taken steps to precent this from happening again including retraining employees and service providers on security, and inhaling our security policies and procedures." 
 
Calls to Crescent Healthcare regarding the number of patients affected were not immediately returned. 
 
This is not Walgreens' first HIPAA breach. Just this past December, the pharmacy chain was ordered to pay nearly $16.6 million to settle a lawsuit over dumping hazardous waste – and confidential patient health records. 
 
[See also: 43K affected in Wisconsin data breach.]
 
In July 2012, more than 1,200 Walgreens customers had their personal health information compromised after the company reported a theft of paper records.