A huge cyberattack affecting the American GenRx Pharmacy potentially resulted in a data breach. The incident affected hundreds of thousands of patients exposing their health data.
GenRx Pharmacy Data Breach
Through a recent press release, GenRx Pharmacy, a healthcare facility headquartered in Scottsdale, Arizona, has disclosed a data breach. The pharmacy has blamed a ransomware attack for the breach that hit its network lately.
Specifically, the service noticed the ransomware attack on its network on September 28, 2020. Following this incident, the service started investigating the matter by involving IT experts.
Although, the pharmacy’s business remained unaffected during the incident as they had uninterrupted access to all their backups. Also, they managed to quickly fend-off the attack. As stated in the press release,
Together with forensic experts, the pharmacy terminated the cybercriminals’ access to the pharmacy’s systems the same day (September 28, 2020) and confirmed that an unauthorized third party deployed the ransomware only one day before (September 27, 2020).
However, further investigations made them realize that, while the attacks failed with the ransomware attack, they did manage to steal some files from the company network. The stolen data included the health information of some patients that the pharmacy collected to manage the shipment of prescribed products.
Specifically mentioning the affected details, the notice reads,
The cybercriminals accessed and removed the following health information of certain former GenRx patients: patient ID, transaction ID (a number generated to process the prescription, not related to patient financials), first and last name, address, phone number, date of birth, gender, allergies, medication list, health plan information (including member ID), and prescription information.
Nonetheless, patients’ financial data and SSNs remained safe as the pharmacy doesn’t collect this information.
While the press release doesn’t explicitly mention the number of affected patients, the U.S. Department of Health and Human Services breach report shows that the incident affected 137,110 patients.
Following the cybersecurity incident, GenRx strengthened its system security by deploying additional antivirus and implementing other security measures.
Whereas, to the patients, they advise monitoring of account statements as a precaution.