Edgepark Medical Supplies in Twinsburg, Ohio, is notifying approximately 4,200 customers that their protected health information was accessed after malware was introduced to its Web servers.

Most of those affected had the last four digits of their credit card, but not the security code, compromised. However, 125 had their full credit card number, minus the security code, accessible. Edgepark Medical, a unit of Cardinal Health, is offering all affected individuals one year of identity protection services from AllClear ID.

In a notification letter, Edgepark Medical said it uses industry-standard anti-virus software, yet discovered on Dec. 12, 2013 that the Web servers were accessed by unauthorized persons between March 9 and March 12 of 2013. “Unfortunately, our anti-virus software provider did not identify this particular malware issue until shortly before we were notified of the incident,” according to the letter. The company also noted that there is no indication the information has been misused.

Compromised information included name, date of birth, phone number, shipping and billing addresses, last four digits of credit card numbers for most affected customers, credit card issuer and expiration date, Edgepark account number, primary physician, diagnosis, order history and insurer.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access