{"id":163748,"date":"2024-05-27T20:51:20","date_gmt":"2024-05-27T20:51:20","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=163748"},"modified":"2024-05-27T20:51:21","modified_gmt":"2024-05-27T20:51:21","slug":"sav-rx-data-breach","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/163748\/data-breach\/sav-rx-data-breach.html","title":{"rendered":"Sav-Rx data breach impacted over 2.8 million individuals"},"content":{"rendered":"
<\/div>\n

Prescription service firm Sav-Rx disclosed a data breach that potentially impacted over 2.8 million people in the United States.<\/h2>\n\n\n\n

Prescription service company Sav-Rx disclosed a data breach after 2023 cyberattack. The company is notifying 2,812,336 individuals impacted by the security breach in the United States.<\/p>\n\n\n\n

A&A Services, which operates as Sav-RX, shared with the Maine Attorney General’s office the data breach notification letter sent to the impacted individuals.<\/p>\n\n\n\n

The investigation conducted by the company with the help of external cybersecurity experts revealed that threat actors first gained access to the IT System on or around October 3, 2023.<\/gwmw><\/p>\n\n\n\n

“On October 8, 2023, we identified an interruption to our computer network. As a result, we immediately took steps to secure our systems and engaged third-party cybersecurity experts. Our information technology systems (\u201cIT System\u201d) were restored the next business day, and prescriptions were shipped on time without delay.” reads the letter<\/strong><\/a> sent to the impacted individuals. “As part of the investigation, we learned that an unauthorized third party was able to access certain non-clinical systems and obtained files that contained health information. After an extensive review with third-party experts, on April 30, 2024, we discovered that some of the data accessed or acquired by the unauthorized third party may have contained your protected health information.” <\/em><\/p>\n\n\n\n

Compromised data includes full name, date of birth, Social Security Number (SSN), email address, physical address, phone number, eligibility data, and insurance identification number.<\/p>\n\n\n\n

Sav-Rx took eight months to notify impacted individuals to avoid impacting patient care with its investigation.<\/p>\n\n\n\n

“Our initial priority was restoring systems to minimize any interruption to patient care.” states the company<\/a>. “The incident did not affect our pharmacy systems, including those systems related to our mail order pharmacy. Not all customers were impacted, and not all health plan participants were impacted.”<\/em><\/p>\n\n\n\n

The company promptly notified law enforcement authorities. <\/gwmw>Sav-Rx worked with external cybersecurity experts to contain the incident and ensure any data stolen from the company was destroyed and not further disseminated. <\/p>\n\n\n\n

The firm pointed out that the incident had a limited impact on its operations, its IT system was restored
the next business day and there was no delay in the shipment of prescriptions.<\/p>\n\n\n\n

The prescription service provider also announced it has enhanced its security protocols, controls, technology, and training. <\/gwmw><\/p>\n\n\n\n

Sav-Rx is offering impacted individuals complimentary access to 24 months of credit monitoring and identity theft restoration services provided by Equifax.<\/gwmw><\/gwmw><\/gwmw><\/gwmw><\/p>\n\n\n\n

Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0data breach)<\/strong><\/gwmw><\/p>\n\n\n\n

<\/gwmw><\/p>\n","protected":false},"excerpt":{"rendered":"

Prescription service firm Sav-Rx disclosed a data breach that potentially impacted over 2.8 million people in the United States. Prescription service company Sav-Rx disclosed a data breach after 2023 cyberattack. The company is notifying 2,812,336 individuals impacted by the security breach in the United States. A&A Services, which operates as Sav-RX, shared with the Maine […]<\/p>\n","protected":false},"author":1,"featured_media":163754,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,3,4337,5],"tags":[88,182,4112,9508,9506,10918,687,841,1533],"class_list":["post-163748","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-cyber-crime","category-data-breach","category-hacking","tag-cybercrime","tag-data-breach","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-pierluigi-paganini","tag-security-affairs","tag-security-news"],"yoast_head":"\n杭州江阴科强工业胶带有限公司