PHI of Clients Compromised in Robbery Incidents at Cub Pharmacies

One more pharmacy chain made an announcement that looters stole the protected health information (PHI) of some of its customers in late May during a time of civil unrest.

Between May 27 to May 30, 2020, thieves broke into 8 Cub pharmacies located in the Minneapolis area and stole items, including paperwork that contains the PHI of its clients. Objects taken from the pharmacies included locked safes that stored credit card authorization documents and prescriptions that had been prepared and were waiting to be collected. Binders that contain printed documents of previous prescriptions and orders that were being prepared were also taken from 6 pharmacies located in Minneapolis and St. Paul.

The data on the credit card forms were the cardholder name, expiry date, credit card number, and amount of the transaction. There was no CVV code included which is needed to make purchases over the telephone. These papers just corresponded to people who had opted to have the prescription medications shipped or sent by mail, not for clients who paid through credit cards directly in a pharmacy.

Cub found out the stolen things right away upon stepping into the pharmacies from May 28 to 30. Looking at the CCTV footage showed the stealing of more client data when the shops were looted. If at all possible, consumers impacted by the breach were informed immediately, though it wasn’t possible to know all affected consumers in that manner, as it wasn’t possible to pinpoint which clients’ PHI was contained in the compromised binders.

The client details acquired by the looters were minimal and didn’t include types of details desired by identity thieves. Cub is convinced that impacted people are not in danger of identity theft; nevertheless, as a safety measure, all impacted persons are being instructed to evaluate their explanation of benefits and financial statements for indications of data misuse. No instances of misuse of client details were reported up to now.

Cub is the 4th pharmacy outlet to encounter the compromise of client data in recent theft incidents. CVS Pharmacy (21,289 people), Kroger (10974 people) and Walgreens (72,143 people) also announced breaches. Based on the DEA, over one-third of the 476 retail pharmacies established in Philadelphia was broken into and a lot of pharmacies in other places throughout America have also experienced detrimental attacks and have had prescription medicines and other things taken.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at