A US-based healthcare firm CaptureRx has recently disclosed a ransomware attack. The service provides third-party administrative services to numerous service providers in the health sector. The incident also exposed patients’ records to the attacks.
CaptureRx Suffered Ransomware Attack
In a recent press release, CaptureRx has admitted falling prey to a cyber attack. While it didn’t precisely mention it, reports suggest that CaptureRx has specifically suffered a ransomware attack.
According to the details CaptureRx shared, the incident happened in February 2021. The firm could identify some unusual activity involving its electronic files that made them realize a cyber attack.
Upon detecting the incident, CaptureRx quickly contained the attack and started investigations.
CaptureRx recently became aware of unusual activity involving certain of its electronic files… On February 19, 2021, the investigation determined that certain files were accessed and acquired on February 6, 2021, without authorization.
It turned out that the incident did result in a breach as it exposed patients’ data to the attackers. The exposed files included information such as the first names, last names, and prescriptions.
As they moved forward with their investigations, CaptureRx began notifying its customers and healthcare providers about the matter.
According to HIPAA Journal, until now, at least five breach victims have emerged. These include,
- The Mohawk Valley Health System affiliate, Faxton St. Luke’s Healthcare in New York – 17,655 patients.
- Randolph, VT-based Gifford Health Care – 6,777 patients.
- Thrifty Drug Stores (Thrifty White) – 3,958 patients.
- Brownsville Community Health Center – 4,200+ patients.
- Lourdes Hospital in Binghamton, New York – Currently unknown number of patients.
Whereas, the following services have also admitted to having suffered an impact.
Nonetheless, the exact number of healthcare providers and affected patients still remains unknown.
Although, CaptureRx has currently assured of no misuse of breached data. Yet, they ask the customers affected during the breach to remain vigilant for identity theft and frauds.
As the investigations proceed, more affected healthcare providers and the subsequent number of affected patients may surface online.