[BreachExchange] CaptureRx Ransomware Attack Affects Multiple Healthcare Provider Clients

Destry Winant destry at riskbasedsecurity.com
Mon May 10 10:45:42 EDT 2021


https://www.hipaajournal.com/capturerx-ransomware-attack-affects-multiple-healthcare-provider-clients/

CaptureRx, a San Antonio, TX-based provider of 340B administrative services
to healthcare providers, has suffered a ransomware attack in which files
containing the protected health information of customers’ patients were
stolen.

The security breach was detected on February 19, 2021, with the
investigation confirming unauthorized individuals had accessed and acquired
files containing sensitive data on February 6, 2021. A review of those
files was completed on March 19, 2021 and affected healthcare provider
clients were notified between March 30 and April 7, 2021.

CaptureRx has since been working with the affected healthcare providers to
notify all individuals affected. The types of data exposed and acquired by
the attackers was limited to names, dates of birth, prescription
information and, for a limited number of patients, medical record numbers.

CaptureRx had security systems in place to ensure the privacy and security
of healthcare data, but the attackers had managed to bypass those
protections. Following the attack, policies and procedures were reviewed
and enhanced and additional training has been provided to the workforce to
reduce the risk of any further security breaches.

It is currently unclear how many of its healthcare provider clients have
been affected nor the total number of individuals impacted by the breach.
Breach victims include:

- The Mohawk Valley Health System affiliate, Faxton St. Luke’s Healthcare
in New York – 17,655 patients.
- Randolph, VT-based Gifford Health Care – 6,777 patients.
- Thrifty Drug Stores (Thrifty White) – Currently unknown number of
patients.

CaptureRx said the investigation into the breach has not uncovered evidence
to suggest any actual or attempted misuse of data stolen in the attack;
however, affected individuals have been advised to monitor their account
and explanation of benefits statements for signs of fraudulent activity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210510/a109c175/attachment.html>


More information about the BreachExchange mailing list