GenRx Pharmacy has revealed a data security incident that could potentially impact the security of certain personal and protected health information regarding less than five percent of former GenRx patients.
GenRx Pharmacy, which is headquartered in Scottsdale, AZ, said it is not aware of any actual harm to individuals as a result of the cyber attack. It is providing potentially affected individuals with information via First Class mail regarding steps taken, and what can be done to protect against potential harm.
GenRx Pharmacy on September 28, 2020 found evidence of ransomware on its system and immediately began an investigation, including hiring independent information security and technology experts to assist with incident response and forensic investigation.
During the ransomware attack, the pharmacy had access to its data with unaffected backups and was able to maintain continuous business operations as they investigated.
GenRx Pharmacy terminated the cybercriminals’ access to the pharmacy’s systems the same day and confirmed that an unauthorized third party deployed the ransomware on September 27, 2020.
GenRx Pharmacy on November 11, 2020 confirmed that the cybercriminals were able to remove a small number of files that included certain health information the pharmacy used to process and ship prescribed products to patients.
The cybercriminals accessed and removed the following health information of certain former GenRx patients: patient ID, transaction ID (a number generated to process the prescription, not related to patient financials), first and last name, address, phone number, date of birth, gender, allergies, medication list, health plan information (including member ID), and prescription information.
The pharmacy does not collect patient Social Security Numbers (“SSNs”) or maintain financial information, and so there is no way that the cybercriminal could access that information of GenRx patients during this incident.
GenRx Pharmacy has upgraded its firewall firmware, added additional anti-virus and web-filtering software, instituted multifactor authentication, increased Wi-Fi network traffic monitoring, provided additional training to employees, updated internal policies and procedures, and installed real-time intrusion detection and response software on all workstations and servers that access the company network.
The pharmacy is assessing more options to enhance its protocols and controls, technology, and training, including strengthening encryption.
Although SSNs and financial information were not affected by this incident, the pharmacy recommends that as a general best practice, individuals monitor account statements and free credit reports to detect potential errors.