Confidio Privacy Notice
Last Modified: June 5, 2020
A Notice to our Clients’ Members
Confidio, LLC (“Confidio”) is committed to protecting the confidentiality and security of the information provided to us by our clients’. Regrettably, this notice concerns an incident that involved some of that information, including limited information about some of our clients’ current and former members and their dependents (“Involved Individuals”).
Confidio is a pharmacy benefits consulting firm hired by organizations to provide pharmacy solutions and consulting services. As necessary to perform these services, we receive some personal information about our clients’ employees and dependents.
On February 10 and March 31, 2020, we notified certain of our clients that our investigation into an email incident determined that unauthorized person(s) obtained access to two Confidio employees’ email accounts. Upon learning of the incident, we immediately secured the accounts, conducted an investigation to determine the nature and scope of the incident, and a computer security firm was engaged to assist. The investigation determined that unauthorized access to the employees’ accounts occurred between November 29 and December 17, 2019, and emails and attachments in the account may have been viewed or acquired.
The investigation was unable to determine which emails and/or attachments, if any, were viewed or acquired by the unauthorized person(s). We therefore performed a comprehensive review of the information contained in the email accounts to determine what may have been accessible to the unauthorized person(s). Through that analysis, we identified information relating to some of our clients’ current and/or former employees and dependents. The information may have included Involved Individuals’ names, dates of birth, prescription information, health insurance information, and/or clinical or treatment information, such as provider names or diagnoses. In some instances, Social Security numbers were also identified in the accounts.
This incident did not affect all of our clients or their employees/members. Involved Individuals are limited to those individuals whose information was contained in the affected email accounts.
We have no indication that any specific individual’s information was actually viewed or downloaded by the unauthorized person(s), or that it has been misused. However, we mailed notification letters to Involved Individuals. We also established a dedicated, toll-free call center to answer questions individuals may have about the incident. If you have questions, please call 1-888-921-0542, from 9:00 a.m. to 6:30 p.m. Eastern time, Monday through Friday.
For Involved Individuals whose Social Security number was contained in the email account, we are offering complimentary credit monitoring and identity protection services. We also recommend Involved Individuals review any billing statements or notifications of prescriptions ordered or filled that they receive from their mail and retail pharmacies or their healthcare providers. If they see charges for services or prescriptions they did not request or receive, they should contact the Pharmacy Benefit Manager at the phone number on their prescription ID card or their provider immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of our clients’ information and their employees’/members’ information. To help prevent a similar occurrence in the future, we are implementing additional procedures to further expand and strengthen our security processes, and we are also providing additional education and training to our employees on how to identify and avoid suspicious emails.