CVS Pharmacy reported vandalism at stores in several markets between May 27 and June 8 resulted in the loss of some patient information.
The HHS Breach Portal shows the incident affected 21,289 individuals. The missing information included paper prescriptions, filled prescriptions that had been held in pharmacy waiting bins and vaccine consent forms. Information affected during the vandalism included names, birth dates, addresses, medication names and prescriber information in addition to information about primary care providers. CVS Pharmacy has notified impacted patients.
The company has not received reports of any evidence that patient information was misused.
"We place the highest priority on protecting the privacy of our patients," reads a statement from CVS Health provided to Becker's. "The privacy and security of their information is very important to us and we take significant measures to protect it from unauthorized uses and disclosures. Although the circumstances surrounding this incident were beyond our control, we are in the process of considering whether additional safeguards are necessary to further enhance protection of our patients' personal health information."
CVS isn't the only retail giant with a recent security breach. Walmart also reported data incidents in their pharmacy services that exposed private information. Walmart said in a statement on July 23 that intruders in their stores stole prescriptions ready for pickup and the prescriptions were labeled with patient names and medical information.
Note: This article was updated at 9:09 pm CST to include information from a CVS Health statement on the incident.