Canadian pharmacy retailer London Drugs said all of its stores in Western Canada will remain closed until further notice following a cybersecurity incident that it said it discovered on Sunday.
The Richmond, British Columbia-based retailer, which operates more than 80 stores in British Columbia, Alberta, Saskatchewan, and Manitoba, said it also shut down its phone lines as it works with a third-party cybersecurity firm to determine the nature and extent of the incident, and to bring its operations back online “in a safe and secure manner.”
The company said pharmacists are available in all its stores and continue to fill prescriptions in person for patients with urgent needs.
“Recognizing the impact these closures have had on our customers and employees across Western Canada, it remains our priority to continue working around the clock to have all stores fully operational,” said Clint Mahlman, president and chief operating officer, London Drugs.
The company said it was working with the cybersecurity firm to determine whether any personal data had been compromised.
The cybersecurity incident was the second breach at a major North American healthcare company in recent months following an attack in February at Change Healthcare, a division of UnitedHealth Group that offers financial payment and other services to a broad swath of healthcare businesses in the U.S.
In testimony before a Congressional hearing on Wednesday, UnitedHealth Group CEO Andrew Witty testified that the breach “could cover a substantial portion of people in America,” according to a report in the Washington Post.
The company said that its systems were hacked because part of its technology infrastructure lacked a multifactor authentication requirement in order to gain access. In a statement issued on April 22, Change Healthcare said it was making progress on restoring its payment-processing services, which enable doctors, pharmacies, hospitals, and other healthcare businesses to collect reimbursements from insurance companies.
Representatives from both parties in Congress reportedly grilled Witty about the breach, saying UnitedHealth Group may have grown too fast through a series of acquisitions without executing proper oversight of the companies it acquired.
According to the HIPPA Journal, which tracks healthcare data breaches in the U.S., the number of such incidents has soared in recent years. It reported 725 large data breaches (compromising 500 or more patient records) in 2023, up from 720 in 2022 and more than double the 358 reported in 2018. Through April 24 of this year, there were 218 such data breaches, the HIPPA Journal reported.
