Ransomware Attack on GenRx Pharmacy and Additional Blackbaud Ransomware Attack Victims

GenRx Pharmacy based in Scottsdale, AZ is sending notifications to a number of patients concerning the potential exposure of some of their protected health information (PHI) because of a ransomware attack. The pharmacy discovered the ransomware attack on September 28, 2020. On the same day, its IT staff acted immediately and blocked the system access of the attacker. The investigation reported the use of ransomware on 27 September but before deploying the ransomware, the attacker exfiltrated some files that contain PHI.

An analysis of the breached files confirmed that they comprised PHI including names, addresses, birth dates, sexuality, patient IDs, allergy data, prescription transaction IDs, drugs lists, health plan details, and prescription data. The pharmacies don’t collect Social Security numbers and do not keep financial details, thus there is no breach of those data. GenRx Pharmacy had backups that were employed to bring back the encrypted information and didn’t pay the ransom.

Though the number of people impacted is presently not clear, GenRx Pharmacy said less than 5% of past patients were affected. Since the attack happened, GenRx has improved its firewall, anti-virus application, integrated a web filter, upgraded network tracking, incorporated multi-factor authentication, and set up a real-time attack detection system. It provided employees extra training and revised internal policies and guidelines as needed. More controls and measures are additionally being looked at to improve security.

Blackbaud Ransomware Attack Impacted Nebraska Methodist Health System and Texas Tech University Health Sciences Center

Two additional victims of the Blackbaud ransomware attack have reported being impacted by the data breach.

Nebraska Methodist Health System has verified that selected personal information and PHI of 39,912 persons were exposed in the attack. Texas Tech University Health Sciences Center has claimed that the incident affected 37,000 people.

The two entities utilize the customer relationship management and financial services solutions of Blackbaud for fundraising reasons. From February 7, 2020 to May 20, 2020, attackers got access to Blackbaud’s systems and could have obtained backup copies of client listings prior to ransomware deployment. Blackbaud paid the ransom demand and the hackers gave assurance of deleting the stolen data.

Nebraska Methodist Health System stated the compromise of these data: Names, demographic and contact data, medical record numbers, purposes for appointments, treating doctors, treating provider, and types of encounter (i.e. emergency outpatient, outpatient surgery, or observation).

The Texas Tech University Health Sciences Center database included names, email, mailing addresses, phone numbers, dates of birth, TTUHSC medical record numbers, names of doctor and specialization.