On March 14, 2025, Cottrill’s Specialty Pharmacy (“Cottrill's”) filed a notice of data breach with the Attorney General of Vermont after discovering unauthorized access within its computer network. In this notice, Cottrill’s explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, including their names, dates of birth, Social Security numbers, driver’s license numbers, state identification numbers, medical information, and health insurance information. Upon completing its investigation, Cottrill’s began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Cottrill’s Specialty Pharmacy, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Cottrill’s Specialty Pharmacy data breach. For more information, please see our recent piece on the topic here.
What Caused the Cottrill’s Specialty Pharmacy Data Breach?
The Cottrill’s Specialty Pharmacy data breach was only recently announced, and more information is expected in the near future. However, Cottrill’s filing with the Attorney General of Vermont provides some important information on what led up to the breach. Cottrill’s also posted a website notice discussing the incident.
According to these sources, on January 21, 2025, Cottrill’s detected unusual activity within its computer network. In response, Cottrill’s secured its network and then launched an investigation with the help of outside cybersecurity experts. Through this investigation, Cottrill’s confirmed that an unauthorized party was able to access its IT network on January 21, 2025, and during this time, the unauthorized party had the ability to acquire certain files containing confidential consumer information.
After learning that sensitive consumer data was accessible to an unauthorized party, Cottrill’s Specialty Pharmacy reviewed the compromised files to determine what information was leaked and which consumers were impacted. Cottrill’s completed this process on February 24, 2025, and while the breached information varies depending on the individual, it may include your name, date of birth, Social Security number, driver’s license number, state identification number, medical information, and health insurance information.
On March 14, 2025, Cottrill’s Specialty Pharmacy sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Cottrill’s Specialty Pharmacy
Cottrill's Specialty Pharmacy is a pharmacy provider specializing in complex and high-cost medications for patients with chronic and rare conditions. Headquartered in Orchard Park, New York, the pharmacy offers personalized medication management, home delivery services, and patient support programs to ensure optimal treatment outcomes. With a focus on compassionate care and compliance, Cottrill's Specialty Pharmacy works closely with healthcare providers, insurance companies, and patients to streamline medication access and improve adherence. The organization employs approximately 33 people and generates an estimated $9 million in annual revenue.
