NewsSecurity & Vulnerability

GenRx Pharmacy Ransomware Attack Leads to Disclosure of HIPAA Data Breach

GenRx Pharmacy has reported a data protection incident that could possibly have an effect on the safety of some confidential and secure health details for less than 5% of former patients with GenRx.

In a recent safety warning, the company said: “On September 28, 2020, the pharmacy discovered signs of ransomware on its system and immediately launched an investigation, including the hiring of independent information management and technology specialists to assist with incident response and forensic investigation.

“Together with forensic experts, the pharmacy ended cyber-criminals’ access to pharmacy systems on the same day… and confirmed that an unauthorized third party had deployed ransomware only one day before (September 27, 2020).”

The pharmacy had access to its data with uninflamed backups during the ransomware attack and was able to maintain continuous business while investigating it.

On 11 November 2020 GenRx Pharmacy reported that cybercriminals were able to delete some health data from a medication used for manufacturing and ship to patients a limited number of files.

Cyber-criminals obtained and deleted the following health information of certain former GenRx patients: patient ID, transaction ID (prescription processing number not linked to the patient financials), first and last name, address, phone number, date of birth, gender, allergies, drug list, health plan information (including member ID), and prescription information.

The pharmacy does not collect patient Social Security Numbers (“SSNs”) or maintain financial information, and so there is no way that the cybercriminal could access that information of GenRx patients during this incident.

An entry on the US Department of Health and Human Services’ HIPAA breach portal indicates that more than 137,000 GenRx patients are being informed about the incident.

The pharmacy does not collect patient Social Security Numbers (“SSNs”) or maintain financial information, and so there is no way that the cybercriminal could access that information of GenRx patients during this incident.

“While the pharmacy is not aware of any actual harm to individuals as a result of the situation, it is providing potentially affected individuals with information via first-class mail regarding steps taken, and what can be done to protect against potential harm.”

The Daily Swig has reached out to GenRx Pharmacy with questions relating to the ransomware strain that was used in the attack. 

Tags

Drashti

Drashti is a free-spirited person, who loves writing stories and listening to music. She loves learning and exploring new languages and cultures, and makes sure to click a picture of the same for her Memoir.
Back to top button
Close
Close