UPDATED 19:37 EST / MAY 28 2024

SECURITY

2.8M+ records exposed in data breach at prescription management company Sav-Rx

U.S. prescription management company Sav-Rx has disclosed that the records of more than 2.8 million customers have been exposed in a data breach that occurred in October last year.

The first indication of the breach came in a May 24 filing with the Office of the Maine Attorney General, with the company then following up with a frequently asked questions page for its “data security incident.”

According to Sav-Rx, the breach started with the company identifying an interruption to its computer network on Oct. 8, 2023. The company then ticked off the standard response list — securing its systems, hiring third-party cybersecurity experts, informing law enforcement and launching an investigation.

The disruption to information technology services was rectified within one day and patient care did not suffer delays as a result. However, the investigation also found that an unauthorized third party accessed certain nonclinical systems and obtained files containing information.

Affected customers were those who were in Sav-Rx’s medication benefits management system, but not pharmacy customers. Customers that have been affected are being offered complimentary access to 24 months of credit monitoring.

The form of the breach was not disclosed. Given the scant information provided by the company, it’s hard to say if it was ransomware, but it wouldn’t be surprising if it were: Data theft and systems offline typically point to ransomware.

Hacks are a dime a dozen, but how a company reacts to being hacked and how it informs its customers are good tests of whether it’s acting in good faith or not. Although Sav-Rx claims that it only got the results of the investigation back on April 30, the hack took place in October and it’s only now informing customers near the end of May.

“I don’t think the eight months it took Sav-Rx to notify impacted customers of the breach is going to fly with anyone, least of all their customers,” Roger Grimes, data-driven defense evangelist at security awareness training firm KnowBe4 Inc., told SiliconANGLE. “Today, you’ve got most companies notifying impacted customers in days to a few weeks. Eight months? Whoever decided on that decision is likely to come under some heat and have explaining to do.”

Photo: Sav-rx
