WellDyneRx, LLC (“WellDyne”) is providing notice of an incident that could affect the privacy of information of certain individuals for whom it provided pharmacy benefit related services. While WellDyne is unaware of any actual or attempted misuse of individually-identifiable information, WellDyne takes this incident very seriously and is providing information about the incident, our response to it, and resources available to individuals to help protect their information, should they feel it appropriate to do so.
What Happened? On December 2, 2021, WellDyne became aware of suspicious activity related to a WellDyne email account. In response, we began an investigation of the activity with the assistance of third-party forensic investigators to determine the nature and scope of the incident. We determined that there was unauthorized access to the account between October 30, 2021, and November 11, 2021. Although there is no evidence that individually-identifiable information contained within the email account was accessed or taken by an unauthorized party, WellDyne cannot rule out this possibility. In response, WellDyne undertook a comprehensive and time-consuming programmatic and manual review of the contents of the email account to determine the type of information stored therein, and to whom the information pertained. On March 11, 2022, we completed this extensive review process, and identified the scope of the information at risk and the population who may be affected. We have worked diligently since this time to confirm the contact information for the individuals who may be impacted and the types of information at issue for each individual, in order to provide an accurate notification.
What Information Was Involved? We conducted a thorough review of the relevant WellDyne email account to identify the types of information stored therein and to whom it related. Although there is no evidence that individually-identifiable information contained within the email account was accessed or taken by an unauthorized party, we cannot rule out this possibility. While the specific data elements vary for each potentially affected individual, the scope of information potentially involved includes: name, date of birth, Social Security number, driver’s license number, treatment information, health insurance information, contact information, prescription information, and other medical/health information.
How Will Individuals Know If They Are Affected By This Incident? WellDyne will be mailing notice letters to the individuals identified as impacted. If an individual does not receive a letter but would like to know if they are affected, they may call WellDyne’s dedicated assistance line, detailed below.
What WellDyne is Doing. The confidentiality, privacy, and security of personal information within our care is among our highest priorities. Upon learning of the event, we secured the compromised account and investigated to identify any individuals that were affected. We have taken additional steps to improve security and better protect against similar incidents in the future. We are also notifying applicable regulators, including the Department of Health and Human Services.