The Kroger Co. has advised customers of its pharmacy and Little Clinic of a data security breach in which patient names and personal information was illegaly accessed.
The data breach notice was issued as a violation of federal health law known as HIPPA (the Health Insurance Portability and Accountability Act of 1996).
The breach, which Kroger was notified of on Jan. 23, did not affect grocery store data or Kroger IT data, according to a Kroger release. The company has created a website for information about the breach at https://www.kroger.com/i/accellion-incident.
The Cincinnati-based grocery chain has offered free credit monitoring to anyone affected by the data breach.
Information accessed included the following data:
- Patient names.
- Email addresses.
- Phone numbers.
- Home addresses.
- Dates of birth.
- Social security numbers.
- Information used to process insurance claims.
- Prescription information such as prescription number, prescribing doctor, medication names and dates, medical history, as well as certain clinical services, such as whether the patient was ordered a flu test.
A mobile home:#VanLife takes off during COVID-19 as Americans convert vans for a life on the road
COVID-19 vaccinations:CVS to help underserved Americans schedule appointments
Kroger said an unauthorized person gained access to Accellion, a software company used by Kroger, to securely transfer files.
The unknown person accessed certain Kroger files by exploiting a vulnerability in the file transfer service, according to the release.
Kroger stopped using Accellion’s services after being informed of the incident.
The grocery company has started its own forensic investigation into the potential scope and impact of the data breach.
Kroger said the incident affected beneficiaries under The Kroger Co. Health and Welfare Benefit Plan, and The Kroger Co. Retiree Health and Welfare Benefit Plan.
Potentially affected customers are in the process of being contacted by Kroger.
The data breach potentially affects The Little Clinic, Kroger Pharmacies as well as its other family of pharmacies operated by Ralphs Grocery Company and Fred Meyer Stores Inc.
The affiliated pharmacies possibly affected also include Jay C Food Stores, Dillon Companies, LLC, Baker’s, City Market, Gerbes, King Soopers, Quality Food Centers, Roundy’s Supermarkets, Inc., Copps Food Center Pharmacy, Mariano’s Metro Market, Pick N Save, Harris Teeter, LLC, Smith’s Food and Drug, Fry’s Food Stores, Healthy Options, Inc., Postal Prescription Services, Kroger Specialty Pharmacy Holdings, and Inc.