Sav-Rx, a US-based prescription company, reportedly confirmed a data breach last October 2023 that affected 2.8 million customers' critical yet non-clinical personal information.
Pharmacy benefit management (PBM) provider A&A Services, doing business as Sav-RX, offers prescription medication management services to unions, businesses, and other organizations nationwide.
According to Bleeping Computer, the business alerted the Maine Attorney General's office on Friday to a cybersecurity breach that occurred in October 2023 and exposed 2,812,336 people's data. The healthcare organization reports that files containing personal data were accessed by an unauthorized third party that gained access to some non-clinical systems.
The details that have been made public include Social Security Numbers (SSNs), phone numbers, full names, dates of birth, eligibility information, email and physical addresses, and insurance identification numbers.
According to Sav-Rx, it took them eight months to notify affected customers of the breach because their priority was minimizing patient care disruptions before investigating the incident's effects.
Sav-Rx added that it took time to complete the studies and provide the most accurate findings. It claims that between April 30 and May 2, 2024, its health plan clients (the impacted firms) received notification sooner.
There was minimal disruption to its business operations, and neither the transportation of medical prescriptions nor the processing of pharmacy claims was delayed. Although their systems were back up and running in a day, it took significantly longer to determine whether personal data had been stolen.
Read Also : Unnamed Australian Healthcare Provider Hacked: National Cyber Security Coordinator Confirms
Sav-Rx Data Breach Warning
With the assistance of outside specialists, the data breach notification states that their investigation took nearly eight months to complete and was finished on April 30, 2024. According to the statement on October 3, 2023, the hackers gained access to client data for the first time.
After that, Sav-Rx and its corporate clients came to an understanding that Sav-Rx should inform the affected parties, which is why the letters were distributed late last week. People are asked to confirm if they are affected by phoning 888-326-0815, as the company states that in many situations, it did not have enough contact information to alert some consumers.
LACDMH Data Breach
There have been several cyberattacks in other healthcare organizations nationwide before this most recent data breach. The Los Angeles County Department of Mental Health most recently verified that on March 20, a staff member of LACDMH clicked on a phishing email, compromising an account.
According to the department, the employee's accounts contained private and sensitive client data. Quickly after, LACDMH asked a "nationally recognized forensic firm" for help figuring out what had been accessed and downloaded.
LACDMH sent letters to the affected individuals, but it's unknown if any information was accessed. The department vowed to contact all affected clients, even though they did not have their addresses.
