People walk out of a Rite Aid pharmacy
Caption

Rite Aid Corporation says patient data was compromised in a recent security breach

Credit: (AP Photo/Ted Shaffrey)

While the last Rite Aid pharmacies in Georgia are closing following the corporation's bankruptcy filing last year, the company says customer data may still be at risk.

Earlier last month, someone impersonated an employee to access "certain business systems," Rite Aid Corporation said in a statement.

Patient names, addresses, birth dates and even driver's licenses of people who made purchases at Rite Aid pharmacies between June 6, 2017, and July 30, 2018, were exposed in the cyber attack.

The announcement comes as communications giant AT&T recently told millions of customers their data was likely stolen in an April leak.

In a previous attack, in March, AT&T said personal information such as Social Security numbers on 73 million current and former customers was released onto the dark web.

Protecting private health data can seem overwhelming when there are seemingly constant data breaches — from the same companies people have to trust with sensitive data.

Lisa Plaggemier, the executive director of The National Cybersecurity Alliance, said there have been an astronomical number of incidents over the last decade.  

Social engineering is the No. 1 security problem, she said.

"Bad guys" have been illegally collecting private data since the Yahoo! breach in 2013 — one of the largest in history — that  exposed users' names, email addresses, phone numbers, birth dates, and security questions — both encrypted and unencrypted, Plaggemier said.

Cracks appear when bad guys meet bad habits, she said.

"A lot of people have this habit of thinking up a long, complex password, and they get very proud of themselves that they thought of something they can remember that's long and complex," Plaggemier said.

But when a password meets all the lengthy requirements and is easy to remember, she said people start to reuse it.

"The problem is, even if we only change that by a few characters, over time or on different websites, the bad guys are using software to crack our passwords," she said.

They're also going to use technology to see if those passwords get them into anything else.

"And they can also use technology to cycle through different iterations or patterns of that passwords, swapping out numbers and letters, maybe adding an automation point or the number one at the end or something like that," she said.

That means customers of Rite Aid and AT&T, at a minimum, should change their passwords. They should also consider whether other accounts share that password.

"I wouldn't be surprised if there are still people out there that are using the same password that they used on their iPhone years ago," she said.

Plaggemier said people should consider using a password manager and opting for multi-factor authentication where offered.