*Damn those window envelops! That must be what CVS Health is saying after a letter mailed out last year showed the status of participants in the state of Ohio’s HIV drug assistance program through the envelopes’ glassine window.Now, the company is the target of a Federal lawsuit.
A complaint filed on March 21 also named Fiserv, the company that CVS hired to mail the letters; which shared HIV status of 6,000 patients through the envelops clear window.
Inside the envelop were new benefits cards and information on a mail prescription program.
A report by CNN states…
The companies are being sued by three unidentified plaintiffs, according to the complaint.
The first plaintiff, only identified as John Doe One of Delaware County, Ohio, says he “feels that CVS has essentially handed a weapon to anyone who handled the envelope, giving them the opportunity to attack his identity or cause other harm to him.”
Another plaintiff identified as John Doe Two of Defiance County says he lives in a small town and fears the stigma stemming from the disclosure of his HIV status. He is also concerned that his “friends and family run the risk of being stigmatized just by being seen with him.”
The third plaintiff says he also lives in a small town in Gallia County, where “everyone knows everyone” and has experienced “significant distress as a result of this disclosure.”
He is scared to leave his home and has “experienced complications and health issues since this disclosure, up to and including just in the past several days.”
The plaintiffs are seeking a class-action suit and a jury trial.
To make bad matters even worse, CVS didn’t announce the data breach, and didn’t contact all of the patients whose status was revealed.
CVS sent a statement to CNN saying the envelope window was intended to show a reference code for the assistance program and not the recipient’s health status.
to read what the company said they did as soon as they realized the breach.