Long Beach, Calif.-based Molina Healthcare is notifying patients that an employee of CVS Health Corp., which provides Molina's over-the-counter benefits, inappropriately accessed the protected health information of some patients.
The breach affects current and former members of the Molina Medicare Options Plus HMO.
According to the notification, a former CVS employee took PHI from CVS' computers and copied the information to his personal computer. CVS believes the former employee did this purposefully to fraudulently obtain over-the-counter products from CVS, but the health system says they have not found any indications of fraudulent use of stolen PHI.
The incident occurred on or around March 26, and CVS informed Molina of the incident on July 20. Molina Healthcare's notification letter is dated Sept. 17.
Stolen information includes full name, CVS ID, CVS ExtraCare Health Card number, member ID, prescription plan number, prescription plan state, start date and end date.
More articles on data breaches:
Why are healthcare data breaches so common?
Stolen laptop prompts breach notification at LSU Health
Sutter Health notifies 2,500 of breach after employee improperly emails billing documents