HQ/EMEAFind out how we can help your business
Sav-Rx, a prescription management business, has notified nearly 3 million people in the US regarding a data breach incident. The notification letter explained that the 2023 cyberattack had stolen the notification recipients’ personal information.
Moreover, the firm notified the Maine Attorney General’s Office of a cybersecurity breach that exposed the personal information of approximately 2,812,336 persons. The company stated that they immediately restored the IT system on the next business day, and the attack did not delay the shipment of prescriptions.
The data breach notification also revealed that the company’s investigation lasted over eight months and ended last month with the assistance of a third-party service provider.
This investigation indicated that the hackers first gained access to client data in October last year, allowing them to access non-clinical systems and obtain files containing personal information.
The perpetrators of the Sav-Rx breach have acquired personal details that could breed other illegal activities.
Last year’s cybercriminal incident on Sav-Rx exposed various sorts of data, such as full names, dates of birth, Social Security numbers (SSN), email addresses, physical addresses, telephone numbers, Eligibility data, and Insurance identification numbers.
On its website, Sav-Rx notes that it took eight months to provide breach notices to impacted clients because their first objective was to minimise patient care disruption before investigating the incident’s impact.
Additionally, the company stated that it did not expedite the investigation to complete the examinations, aiming for as precise results as possible. It also claims that its health plan clients and impacted organisations have already received the notification messages they deployed between April 30 and May 2, 2024.
The company states that it did not have enough contact information to tell specific consumers in many cases, so people can directly call them so they can address any concern about the attack.
Sav-Rx now employs a 24/7 security operations centre, MFA on critical accounts, network segmentation, enhanced geo-blocking, upgraded firewalls and switches, strengthened Linux security, and BitLocker encryption.
Despite the lack of evidence of data misuse, the affected individuals should still be cautious about their digital activities. The stolen information could easily allow actors to organise other forms of cyberattack, especially phishing campaigns.
