Scottsdale, AZ-based GenRx Pharmacy is alerting certain patients that some of their protected health information has potentially been compromised in a ransomware attack. The attack was detected on September 28, 2020 and the IT team acted quickly and terminated the attacker’s access to its systems the same day. The investigation confirmed ransomware was deployed on 27 September and prior to the use of ransomware a small number of files containing protected health information were exfiltrated by the attackers.
A review of the stolen files revealed they contained protected health information such as names, addresses, dates of birth, gender, allergy information, patient IDs, prescription transaction IDs, medication lists, health plan information, and prescription information. Social Security numbers are not collected by the pharmacies and financial information is not retained, so that information could not have been compromised. GenRx Pharmacy had valid backups that were used to restore the encrypted data and no ransom was paid.
While the number of individuals affected is currently unclear, GenRx Pharmacy said fewer than 5% of former patients have been affected. Since the attack, GenRx has upgraded its firewall, improved its anti-virus software, implemented a web filter, enhanced network monitoring, added multi-factor authentication, and installed a real-time intrusion detection system. Employees have also received additional training and internal policies and procedures have been updated. Further controls and measures are also being considered to enhance security.
Nebraska Methodist Health System and Texas Tech University Health Sciences Center Impacted by Blackbaud Ransomware Attack
Two further victims of the ransomware attack on the cloud service provider Blackbaud have announced they have been affected by the incident.
Nebraska Methodist Health System has confirmed that 39,912 individuals have had some of their personal and protected health information compromised in the attack and Texas Tech University Health Sciences Center has reported the breach as affecting 37,000 individuals.
Blackbaud provided both entities with customer relationship management and financial services tools which were used for fundraising purposes. Between February 7, 2020 and May 20, 2020, hackers had access to Blackbaud’s systems and may have acquired backup copies of customer databases before deploying ransomware. Blackbaud paid the ransom and received assurances that the stolen data had been deleted.
Nebraska Methodist Health System said the following information was compromised: Names, demographic and contact information, medical record numbers, reasons for visits, treating physicians, treating facilities, and encounter types (i.e. inpatient, outpatient surgery, observation, or emergency outpatient).
The Texas Tech University Health Sciences Center database contained names, mailing addresses, telephone numbers, email addresses, dates of birth, TTUHSC medical record numbers, physician names and specialty.
The post Former GenRx Pharmacy Patients’ PHI Potentially Compromised in Ransomware Attack appeared first on HIPAA Journal.