Update on Cyber Incident
December 10, 2021 — BioPlus Specialty Pharmacy Services, LLC (“BioPlus”) is committed to protecting the confidentiality and security of the information we maintain. This notice concerns a data security incident that may have involved some of that information.
On November 11, 2021, we identified suspicious activity in our IT network. Upon learning of the incident, we immediately took steps to isolate and secure our systems. We also launched an investigation with the assistance of a third-party forensic firm and notified law enforcement.
Through the investigation, we determined that an unauthorized party gained access to our IT network between October 25, 2021 and November 11, 2021. During that time, the unauthorized party accessed files that contained information pertaining to certain BioPlus patients. However, our investigation could not rule out the possibility that information pertaining to all current and former BioPlus patients may have been subject to unauthorized access.
On December 10, 2021, we began mailing letters to all current and former patients whose information may have been involved. The information subject to unauthorized access may have included patient names, dates of birth, addresses, medical record numbers, current/former health plan member ID numbers, claims information, diagnoses, and/or prescription information. For certain patients, Social Security numbers were also involved. As a precautionary measure, the letters include guidance on how patients can protect their information. Additionally, for patients whose Social Security number was involved, we are offering complimentary credit monitoring and identity protection services. We have also established a dedicated, toll-free call center for patients to call with questions. If you believe you are affected but do not receive a letter by January 10, 2022, please call 1-855-545-2336, available Monday through Friday, between 9:00 am and 6:30 pm, Eastern Time.
We take this issue very seriously, and deeply regret any concern this incident may have caused. To help prevent something like this from happening again, we have implemented, and will continue to adopt, additional safeguards and technical security measures to further protect and monitor our systems.