Sav-Rx Suffers Data Breach Affecting 2.8 Million People

Prescription management services provider Sav-Rx has recently disclosed a significant data breach that compromised the personal information of nearly 2.8 million Americans. The breach was a result of a cyberattack that occurred in 2023, putting a vast amount of sensitive data at risk.

Sav-Rx – a US-based pharmacy benefits manager – has disclosed a breach with affected the info – including protected health info – of 2,812,336 individuals. https://t.co/XDcZqL7tug pic.twitter.com/Unt9fjQ7H0

— Brett Callow (@BrettCallow) May 25, 2024

Details of the Incident

The breach was first detected by A&A Services, which operates under the Sav-Rx name, on October 8, 2023, when an interruption in their computer network was noticed. The company swiftly responded by securing their systems and enlisting the expertise of cybersecurity professionals. 

Despite the attack, Sav-Rx managed to restore their information technology systems by the next business day, ensuring that prescription deliveries and pharmacy claims were not disrupted.

However, it took nearly eight months to ascertain whether personal data had indeed been compromised. 

On April 30, 2024, the exhaustive investigation, conducted with the assistance of third-party cybersecurity experts, concluded. It was discovered that hackers initially accessed customer data on October 3, 2023.

Sav-Rx reported in their official notification, “As part of the investigation, we learned that an unauthorized third party was able to access certain non-clinical systems and obtained files that contained personal information.”

Type of Data Compromised

The hackers gained access to sensitive data, including:

• Full names
• Dates of birth
• Social Security Numbers (SSN)
• Email addresses
• Physical addresses
• Phone numbers
• Eligibility data
• Insurance identification numbers

On its FAQ page, Sav-Rx clarified why it took eight months to notify the affected individuals about the breach. Initially, the company focused on minimizing any disruptions to patient care, prioritizing immediate operational stability over the commencement of their investigative efforts into the breach’s full implications.

Furthermore, Sav-Rx emphasized the thoroughness of their investigation, stating their commitment to ensuring the accuracy of their findings before making conclusions. This led to a phased notification process where health plan customers, or the impacted organizations, were the first to be informed, receiving notifications between April 30 and May 2, 2024.

The company subsequently coordinated with its business partners on the best approach to inform individual customers, culminating in the distribution of notification letters starting late last week. Sav-Rx also acknowledged the challenges in reaching all affected parties, noting a lack of sufficient contact information for some individuals. 

Response and Measures Taken by Sav-Rx

In the wake of the breach, Sav-Rx has implemented several new security measures to prevent future incidents. These include the establishment of a 24/7 security operations center, the application of multi-factor authentication on critical accounts, network segmentation, enhanced geo-blocking, and the upgrading of firewalls and switches. 

Additionally, they have improved Linux security measures and implemented BitLocker encryption. The company has also started offering two years of free credit monitoring and identity theft protection services to the affected individuals to mitigate potential harm. 

Although there is currently no evidence that the stolen information has been misused or appeared on the dark web, Sav-Rx has recommended that those impacted remain vigilant and monitor their credit reports for any suspicious activity.

For individuals uncertain about whether they have been affected, Sav-Rx has set up a dedicated hotline at 888-326-0815. They are urged to confirm their status and take advantage of the protective services offered.