Crescent Healthcare, a Walgreens company, recently began sending letters to patients and employees notifying them that an undisclosed number of patients' personal health information and Social Security numbers were stolen on December 28, 2012.
"The letter states that computer hardware and paper records containing personal health information and Social Security numbers were stolen from Crescent's billing center," writes Becker's Hospital Review's Anuja Vaidya. "Authorities were notified three days later. "
"Crescent did not provide information on how many individuals were affected by the breach," California Healthline reports. "Paul Mastrapa, president of Crescent, wrote in the letter, 'We are very sorry this happened, and we are cooperating with law enforcement to further investigate this incident.' He added, 'Additionally, we have taken steps to [prevent] this from happening again, including retraining employees and service providers on security, and inhaling our security policies and procedures."
"This is not Walgreens' first HIPAA breach," notes Healthcare IT News' Erin McCann. "Just this past December, the pharmacy chain was ordered to pay nearly $16.6 million to settle a lawsuit over dumping hazardous waste -- and confidential patient health records. In July 2012, more than 1,200 Walgreens customers had their personal health information compromised after the company reported a theft of paper records."