Equi Script purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Express Scripts, Ernst & Young had a data breach in 2013, in Missouri. A partner at Ernst & Young is accused of sneaking into the headquarters of Express Scripts Holding Co. It is not clear how the Ernst & Young partner got into the headquarters, but it is believed that he emailed over 20,000 pages of data to a personal account. Express Scripts Holding Co. accused Ernst & Young of stealing the information in order to develop its health care division. Express Scripts Holding filed a lawsuit; the accused partner is no longer employed by Ernst & Young. [source].

Medco Health Solutions had a data breach in 2006, in Ohio. A laptop containing social Security numbers for State of Ohio employees and their dependents, as well as their birth dates and, in some cases, prescription drug histories was stolen from an employee. The theft occurred in December and Medco contacted Ohio officials in February. The company agreed to provide free credit monitoring and fraud alert services for the affected families for one year. [source]

Virginia Prescription Monitoring Program had a data breach in 2009, in Virginia. The information was breached via Network Server. [source]