Confidio Privacy Notice
Last Modified: March 31, 2020
A Notice to our Clients’ Members
Confidio, LLC (“Confidio”) is committed to protecting the confidentiality and security of the information provided to us by our clients’. Regrettably, this notice concerns an incident that involved some of that information, including limited information about some of our clients’ current/former employees/members and their dependents (“Involved Individuals”).
Confidio is a pharmacy benefits consulting firm that provides pharmacy solutions and consulting services. As necessary to perform these services, we receive some personal information about our clients’ employees and dependents.
On February 10, 2020, we notified certain of our clients that we had identified suspicious activity within one of our employee’s email accounts on December 12, 2019. We immediately secured the account, launched an investigation to determine the nature and scope of the incident, and a computer security firm was engaged to assist. On January 17, 2020, the investigation determined that an unauthorized person accessed the employee’s account between November 29, 2019 and December 12, 2019, and emails and attachments in the account may have been downloaded.
The investigation was unable to determine which email and/or attachments, if any, were viewed or acquired by the unauthorized person(s). We therefore performed a comprehensive review of the information contained in the email account to determine what may have been accessible to the unauthorized person(s). Through that analysis, we identified information relating to some of our clients’ current and/or former employees and dependents. The information may have included Involved Individuals’ names, dates of birth, prescription information, health insurance information, and/or clinical or treatment information, such as provider names or diagnoses. In some instances, Social Security numbers were also identified in the account.
This incident did not affect all of our clients or their employees/members. Involved Individuals are limited to those individuals whose information was contained in the affected email account.
We have no indication that any specific individual’s information was actually viewed or downloaded by the unauthorized person(s), or that it has been misused. However, we are mailing notification letters to Involved Individuals. We also established a dedicated, toll-free call center to answer questions individuals may have about the incident. If you have questions, please call 1-888-921-0542, from 9:00 a.m. to 6:30 p.m. Eastern time, Monday through Friday.
For Involved Individuals whose Social Security number was contained in the email account, we are offering complimentary credit monitoring and identity protection services. We also recommend Involved Individuals review any billing statements or notifications of prescriptions ordered or filled that they receive from their mail and retail pharmacies or their healthcare providers. If they see charges for services or prescriptions they did not request or receive, they should contact the Pharmacy Benefit Manager at the phone number on their prescription ID card or their provider immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of our clients’ information and their employees’/member’s information. To help prevent a similar occurrence in the future, we are implementing additional procedures to further expand and strengthen our security processes, and we are also providing additional education and training to employees on how to identify and avoid suspicious emails.