Personal medical information, prescriptions stolen from Rite Aid stores in Baltimore during April looting.

As looted prescription drugs flood Baltimore streets, fueling a surge in violence, pharmacy chain Rite Aid warned customers Wednesday that their personal medical information could be on the streets, too.

Store officials said the labels on prescriptions stolen during the late April riots included patient names, addresses and the names of medication, but not other sensitive data such as Social Security numbers or credit card numbers. The alert nonetheless raised concern among privacy advocates who said the information could be used for fraud. Rite Aid has hired a risk management firm to help protect customers from identity theft.

The risk also extends to customers at looted pharmacies across the city. The Drug Enforcement Administration is reviewing surveillance footage from 27 pharmacies to possibly file charges against looters, and a spokesman said the agency would help monitor for any reports of medical identity fraud.

Depending on what information pharmacies include on prescription labels, criminals could improperly refill the prescriptions, bill medical care to the prescription holder’s insurance or combine the information with other stolen data to commit larger acts of fraud, experts said. Medical data is gaining in value on black markets, prompting hackers to increasingly target health care organizations.

“It would not surprise me if patients who used those pharmacies that were looted later learned they were victims of medical identity fraud,” said Ann Patterson, senior vice president and program director of the Medical Identity Fraud Alliance.

Even though prescription labels contain limited information, they still can be valuable to criminals, said Eva Velasquez, CEO of the Identity Theft Resource Center. Having some personal information “makes it a lot easier” for criminals to commit fraud, allowing them to exploit data like prescription or insurance identification numbers, she said.

Patterson recommended that customers of any of the looted pharmacies closely monitor any medical correspondence they receive, such as “explanation of benefits” documents that show what billings an insurer has received. She emphasized people should scrutinize claims made to their insurers under their names, a field that many often overlook because they don’t suspect fraud, and watch for any letters from unfamiliar hospitals or other care providers.

Click here to read the full article.

June 3, 2015 by Scott Dance, Baltimore Sun

pharmacy store