Pharmacy prescription services provider A&A Services, which operates as Sav-Rx, is notifying roughly 2.8 million individuals that their personal information was compromised in a cyberattack.
The incident, the organization said, occurred on October 8, 2023, when it identified an interruption to its computer network, and was immediately contained, with the impacted systems restored the next business day.
“The disruption to our IT systems did not result in any material disruption to patient care. Prescriptions were shipped on time and without delay. Our adjudication system was not affected so network pharmacy claims adjudicated continuously without impact or delay,” Sav-Rx said.
According to the company, however, the attackers accessed non-clinical systems containing personal information and exfiltrated data from them.
The compromised information includes names, addresses, dates of birth, email addresses, phone numbers, Social Security numbers, eligibility data, and insurance identification numbers. No clinical or financial information was compromised in the attack.
The company informed the Maine Attorney General’s office that 2,812,336 individuals were impacted by the data breach.
What Sav-Rx did not say, however, was whether file-encrypting ransomware was deployed during the attack.
The company did not share information on the threat actor responsible for the incident either, but the notification letter suggests that a ransom was paid out to ensure that the stolen information is not shared with other cybercriminals.
“Once we identified the interruption, we took immediate action to investigate, and we worked in conjunction with outside cybersecurity experts to contain the incident and confirm any data acquired from our IT System was destroyed and not further disseminated,” the notification letter reads.
SecurityWeek has emailed Sav-Rx for additional information on the data breach and will update this article as soon as a reply arrives.
The company is providing the affected individuals with two years of free credit monitoring and identity theft restoration services and encourages them to remain vigilant for any suspicious activity on their accounts.
Sav-Rx is a pharmacy benefit manager (PBM) firm that administers prescription drug programs on behalf of various health plans and organizations in the US.
Related: 400,000 Impacted by CentroMed Data Breach
Related: 2.4 Million Impacted by WebTPA Data Breach
Related: MediSecure Data Breach Impacts Patient and Healthcare Provider Information
