On June 6, 2023, a notice of data breach involving Henry Ford Health System (“HFHS”) patients was filed with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”). The incident involved unauthorized access to cloud storage hosted by mscripts, a provider of mobile pharmacy solutions, which is a vendor used by HFHS. Based on the official filing, the incident resulted in an unauthorized party being able to access consumers’ names, addresses, phone numbers, dates of birth, prescription information, protected health information and health insurance information. After confirming that consumer data was leaked, HFHS began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you received a data breach notification from mscripts or Henry Ford Health System, it is essential you understand what is at risk and what you can do about it. Keep in mind, mscripts is sending the letters on behalf of Henry Ford Health, so don’t be surprised if the data breach letter is on mscripts letterhead. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Henry Ford Health data breach, please see our recent piece on the topic here.

What We Know So Far About the Henry Ford Health Breach

News of the Henry Ford Health data breach is still fresh; however, what we know at this point comes from the company’s filing with the HHS-OCR. Henry Ford also posted a “Notice of Privacy Incident” on its website. According to these sources, mscripts recently learned that certain files stored on the company’s cloud-based storage product were accessible without the need for authorization. The compromised files contained prescription order summaries and images of prescription bottles and insurance cards submitted by pharmacy patients through the mscripts website or mobile app.

In turn, mscripts reviewed all the images that were subject to unauthorized access to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, phone number, date of birth, prescription information, protected health information and health insurance information.

On June 6, 2023, mscripts sent out data breach letters on behalf of Henry Ford Health to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Henry Ford Health System and mscripts, LLC

Founded in 1915, Henry Ford Health System is an integrated health system based in Detroit, Michigan. HFHS operates dozens of hospitals, clinics, emergency rooms, and physician’s offices in and around Detroit. Some of the company’s largest hospitals include Naruvi Hospital, Henry Ford Allegiance Health, Henry Ford Wyandotte Hospital, Henry Ford West Bloomfield Hospital, Henry Ford Macomb Hospital, Henry Ford Kingswood Hospital and Henry Ford Hospital. Henry Ford Health employs more than 33,000 people and generates approximately $3.7 billion in annual revenue.

Mscripts, LLC is a software company based in San Francisco, California. The company is owned by Cardinal Health, a major healthcare services and products company based in Dublin, Ohio. Mscripts created an app that allows patients to refill their prescriptions with their pharmacies and obtain real-time information about their prescriptions. Mscripts employs more than 73 people and generates approximately $15 million in annual revenue. Cardinal Health employs more than 46,000 people and generates approximately $176 billion in annual revenue.