Summary:
Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack. A&A Services, doing business as Sav-RX, is a pharmacy benefit management (PBM) company that provides prescription drug management services to employers, unions, and other organizations across the U.S. On Friday, the company notified the Maine Attorney General's office of a cybersecurity incident identified on October 8, 2023, that exposed the data of 2,812,336 people. According to the data breach notification, their investigation took almost eight months and was completed on April 30, 2024, with the help of third-party experts. This investigation revealed that the hackers first accessed non-clinical customer data on October 3, 2023. Kinds of data exposed include full name, date of birth, SSN, email address, physical address, phone number, and insurance identification number. Sav-Rx noted on its website that it didn't rush to conclude the investigations, striving for as accurate results as possible. It says its health plan customers (impacted organizations) were notified earlier, between April 30 and May 2, 2024. Though the firm currently has no evidence that the stolen information was misused or disseminated on the dark web, it enclosed instructions in the letters on enrolling in a two-year credit monitoring and identity theft protection service.

Security Officer Comments:
After identifying an issue in their computer network Sav-Rx took immediate action to secure their systems and engaged with third-party cybersecurity experts to help uncover and circumvent any persistence. Customers of Sav-Rx likely did not experience any issues, as the IT systems were properly restored by the next business day and customers saw no delays with their purchased products according to claims made by the pharmacy. The company notes that it did not have sufficient contact information to notify some individuals in many cases, so people are urged to confirm if they're affected by calling 888-326-0815. Sav-Rx implemented many new security measures in response to this incident including setting up a 24/7 security operations center, implementing multi-factor authentication on critical accounts, network segmentation, enhanced geo-blocking, upgraded firewalls and switches, strengthened Linux security, and BitLocker encryption.

Link(s):
https://www.bleepingcomputer.com/news/security/sav-rx-discloses-data-breach-impacting-28-million-americans/