CaptureRx Ransomware Attack Impacts Multiple Healthcare Provider Clients

CaptureRx provides 340B administrative services to healthcare companies in San Antonio, TX and it reported a ransomware attack that led to the stealing of files that include its customers’ patients protected health information (PHI).

The provider found out about the security incident on February 19, 2021. A breach investigation confirmed on February 6, 2021 that unauthorized persons obtained access to patient files with sensitive data. CaptureRx conducted an analysis of the stolen files, which was completed on March 19, 2021. Then, the provider sent breach notifications to the impacted healthcare company clients starting on March 30 up to April 7, 2021.

Since the attack, CaptureRx has made efforts together with the healthcare providers affected to notify all the men and women whose data was compromised. The attackers potentially accessed the following types of data: names, birth dates, and prescription records. For a number of patients, their medical record numbers were affected as well.

CaptureRx had established security solutions to secure that the privacy of healthcare data, nevertheless the attackers still successfully circumvented that protection. Soon after the attack, the provider analyzed and enhanced its policies and protocols. The employees also acquired supplemental training to lessen the possibility of more security breaches in the future.

It is unclear at this time how many of CaptureRx’s healthcare firm clients nor the total number of individuals impacted by the breach. The breach affected the following medical providers:

  • Thrifty Drug Stores (Thrifty White) has an undetermined number of patients at this time
  • Faxton St. Luke’s Healthcare based in New York, also a Mohawk Valley Health System affiliate, takes care of 17,655 patients.
  • Gifford Health Care based in Randolph, VT takes care of 6,777 patients.

CaptureRx claimed the breach investigation report didn’t come across any evidence that points to any real or attempted misuse of the stolen information; even so, the affected persons are advised to keep an eye on their account and explanation of benefits statements to check for fraudulent orders.