Most of those affected had the last four digits of their credit card, but not the security code, compromised. However, 125 had their full credit card number, minus the security code, accessible. Edgepark Medical, a unit of Cardinal Health, is offering all affected individuals one year of identity protection services from AllClear ID.
In a notification letter, Edgepark Medical said it uses industry-standard anti-virus software, yet discovered on Dec. 12, 2013 that the Web servers were accessed by unauthorized persons between March 9 and March 12 of 2013. “Unfortunately, our anti-virus software provider did not identify this particular malware issue until shortly before we were notified of the incident,” according to the letter. The company also noted that there is no indication the information has been misused.
Compromised information included name, date of birth, phone number, shipping and billing addresses, last four digits of credit card numbers for most affected customers, credit card issuer and expiration date, Edgepark account number, primary physician, diagnosis, order history and insurer.