Table of Contents
In recent times, CaptureRx, a leading Healthcare technology company based in San Antonio, has experienced a ransomware attack in which hackers exploited the protected health information of customers and patients. The organization operates in all the major states, and it has one of the largest databases in the country.
The company’s pharmacies operate in over 45 states, providing services to over 500 hospitals and health centers through its independent pharmacy network, including other independent, local, and national pharmacies – the company is a TX-based 340B solution provider.
Earlier this year, the cybersecurity unit detected an attack on February 19 at a health care facility, which concluded that an unauthorized group gained access and had stolen personal information belonging to around 24,000 people. These include their first and last names, date of birth, prescription information, and medical record numbers. This breach caused an array of discomfort among the patients as medical history is somewhat considered to be personal,
Post-ransomware attack measures
In the wake of the attack, the firm notified all affected clients between March 30 and April 7, 2021. After the attack was detected, the firm began reviewing all affected files completed on March 19, 2021. For all the 24000 records that were accessed, the company notified users of the breach. In response to the ransomware attack, the firm revised the policies and procedures of the systems while also providing additional training to the workforce to reduce the possibility of future attacks.
In post-attack measures, every company implements safety protocols only after the security is breached. However, sparing time and resources before the attack happens can send out a positive message for companies that don’t take cyber threats seriously and then face severe ramifications.
List of the victims
The organization has not released any additional technical information on the breach, such as how many of its healthcare provider clients were impacted. Nonetheless, HIPAA journal compiled a list of those who were affected, including:
- Thrifty Drug Stores (Thrifty White) – Currently unknown number of patients.
- The Mohawk Valley Health System affiliate, Faxton St. Luke’s Healthcare in New York – 17,655 patients.
- Randolph, VT-based Gifford Health Care – 6,777 patients.
Furthermore, CaptureRx said: There is no evidence that data has been used for any improper purposes, but the affected individuals are directed to monitor their bank accounts for fraudulent activity. Whoever carries out the attack is still waiting out there for some purpose to use the stolen.