Posted On July 7, 2022 Consumer Privacy & Data Breaches
July 7, 2022 – On July 1, 2022, WellDyneRx, LLC filed notice with the U.S. Department of Health and Human Services Office for Civil Rights regarding a December 2021 data breach. While WellDyne previously disclosed the breach to various state government entities, the most recent filing is the first time the company provided an estimate of the number of affected people. Based on the most recent information, the WellDyneRx breach leaked names, dates of birth, Social Security numbers, driver’s license numbers, treatment information, health insurance information, contact information, prescription information, and other medical and healthcare-related information of 38,401 individuals.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the WellDyne data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from WellDyneRx, LLC.
According to the most current information, the WellDyneRx breach was first detected on December 2, 2021, when the company noticed suspicious activity within one of the company’s email accounts. Upon this discovery, WellDyne enlisted the help of cybersecurity professionals to investigate the incident and determine what, if any, consumer information was compromised. The investigation revealed that there was unauthorized access to the account between October 30, 2021, and November 11, 2021.
Once WellDyne confirmed the unauthorized access, the company then reviewed all emails, files and attachments within the affected email account. On March 11, 2022, the company completed this process, reporting that the data types leaked as a result of the breach included consumers’ names, dates of birth, Social Security numbers, driver’s license numbers, treatment information, health insurance information, contact information, prescription information, and other medical and healthcare-related information.
Subsequently, on May 6, 2022, WellDyneRx issued data breach letters to all individuals whose information was compromised. Finally, on July 1, 2022, WellDyneRx provided official notice of the breach to the U.S. Department of Health and Human Services Office for Civil Rights. In this most recent filing, WellDyneRx estimates that the breach impacted as many as 38,401 people.
WellDyneRx, LLC is a pharmacy benefit manager based in Lakeland, Florida. As a pharmacy benefit manager, the company oversees the administration of the pharmacy benefits portion of insurance policies on behalf of insurance companies. WellDyne works with more than 2,000 providers, serving more than three million patients. WellDyne’s pharmacy network includes more than 65,000 retail pharmacies, including large national chains, regional chains and many independent pharmacies. WellDyne has approximately 700 employees and generates approximately $76 million in revenue each year.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the WellDyne data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by WellDyneRx, LLC (the actual notice sent to consumers can be found here):
Dear [Redacted],
WellDyneRx, LLC (“WellDyne”) is providing notice of an incident that could affect the privacy of information of certain individuals for whom it provided pharmacy benefit related services. While we are unaware of any actual or attempted misuse of individually-identifiable information, we take this incident very seriously and are providing information about the incident, our response to it, and resources available to individuals to help protect their information, should they feel it appropriate to do so.
What Happened?
On December 2, 2021, WellDyne became aware of suspicious activity related to a WellDyne email account. In response, we began an investigation of the activity with the assistance of third-party forensic investigators to determine the nature and scope of the incident. We determined that there was unauthorized access to the account between October 30, 2021, and November 11, 2021. Although there is no evidence that individually-identifiable information contained within the email account was accessed or taken by an unauthorized party, we cannot rule out this possibility. In response, WellDyne undertook a comprehensive and time-consuming programmatic and manual review of the contents of the email account to determine the type of information stored therein, and to whom the information pertained. On March 11, 2022, we completed this extensive review process, and identified the scope of the information at risk and the population who may be affected. We have worked diligently since this time to confirm the contact information for the individuals who may be impacted and the types of information at issue for each individual, in order to provide an accurate notification.
What Information Was Involved?
We conducted a thorough review of the affected email account to identify the types of information stored therein and to whom it related. Although there is no evidence that individually-identifiable information contained within the email account was accessed or taken by an unauthorized party, we cannot rule out this possibility. While the specific types of information varies for each individual, the scope of information involved includes: name, date of birth, Social Security number, driver’s license number, treatment information, health insurance information, contact information, prescription information, and other medical/health information.
How Will Individuals Know If They Are Affected By This Incident?
We are mailing notice letters to the individuals who were identified as potentially impacted. If an individual does not receive a letter but would like to know if they are affected, they may call our dedicated assistance line, detailed below.
What WellDyne is Doing.
The confidentiality, privacy, and security of personal information within our care is among our highest priorities. Upon learning of the event, we secured the compromised account and investigated to identify any individuals that were affected. We have taken additional steps to improve security and better protect against similar incidents in the future. We are also notifying applicable regulators, including the Department of Health and Human Services.
Whom Should Individuals Contact For More Information?
If individuals have questions or would like additional information, they may call WellDyne’s dedicated assistance line at (877) 389-2455 between the hours of 9am-9pm Eastern Standard Time, Monday through Friday.
