mscripts®, a provider of mobile pharmacy solutions, is working with our customers to notify individuals regarding an incident involving potential unauthorized access to an mscripts® cloud storage asset. mscripts® is posting this notice on behalf of multiple pharmacy customers listed below.
What Happened? We recently learned that certain files in cloud storage were accessible from the Internet without the need for authentication between September 30, 2016 and November 18, 2022. We took immediate steps to change the access settings and began an investigation, and a forensic investigation firm was engaged. The files that were accessible included prescription order summaries related to locker pickups at participating pharmacy locations and images of prescription bottles and insurance cards submitted by pharmacy patients through the mscripts® web or mobile app. Each file would have only been accessible from the date it was submitted until November 18, 2022.
mscripts® thoroughly reviewed the image files to identify the patient and associated pharmacy. This review was completed on January 11, 2023. On January 13, 2023, we began the process of notifying our pharmacy customers of this incident. Since then, we have worked with the pharmacies to notify individuals whose information was identified by the review.
What Information Was Involved? The involved information included individuals’ names and one or more of the following:
• Order summary – date of birth, phone number, address, and prescription number;
• Prescription information – address, prescription number, medication name, and/or originating pharmacy information; or
• Health insurance information – insurance company, member ID, group number, and/or dependents’ names, if any.
Social Security numbers were not included. Importantly, this incident did not involve any access to the pharmacies’ systems, network, or electronic health records.
What mscripts® Is Doing. We regret that this incident occurred. mscripts® has already taken measures to address the underlying issue and will continue to look for ways to further enhance the security measures applicable to the services we provide.
What You Can Do. Although we have no indication that any of the involved information has been accessed or misused by any unauthorized person, out of an abundance of caution, on February 10, 2023, mscripts® began notifying individuals whose information was contained in the image files at issue. mscripts® recommends that individuals review the billing statements or notifications of prescriptions ordered or filled that they receive from their pharmacies/healthcare providers and health insurer. If they see charges for services they did not receive, they should contact the pharmacy/provider or insurer immediately.
For More Information. mscripts® has also established a dedicated, toll-free call center for questions about this incident. The call center may be reached at (866) 674-3087, Monday through Friday, between 9:00 a.m. and 6:30 p.m. Eastern time, excluding major U.S. holidays.
List of Pharmacy Customers on Whose Behalf mscripts® is Providing Notice of Privacy Incident
- Banner Health
- Brookshire Brothers
- Costco Wholesale Corporation
- Dan's Drugs
- Fresh Market Pharmacy
- Froedtert Health
- Giant Eagle Inc
- Henry Ford Health and Henry Ford Pharmacy Advantage
- Ingles Markets, Inc.
- Lin's Supermarkets Inc.
- Macey's Pharmacy
- Meijer Pharmacy