Arizona-based pharmacy suffers breach impacting more than 130,000 individuals
GenRx Pharmacy, which is headquartered in Scottsdale, Arizona, reported a data security incident on December 18 affecting 137,110 individuals, according to the Office for Civil Rights (OCR) breach report.
In a security notice posted on Business Wire, GenRx said it found evidence of ransomware on its system on September 28 and immediately launched an investigation, which included the hiring of independent information security and technology experts. GenRx terminated the cybercriminals’ access to the pharmacy’s systems within one day. However, the investigation revealed that the cybercriminals were able to remove files that included certain protected health information (PHI) of patients.
The PHI that was accessed included the following:
- Address
- Allergies
- Date of birth
- First and last name
- Health plan information (including member ID)
- Medication list
- Patient ID
- Phone number
- Prescription information
- Transaction ID
GenRx noted that it does not collect patient Social Security numbers or maintain financial information.
In response to the breach, GenRx took steps to upgrade its security, including improving its firewall firmware, adding additional anti-virus and web-filtering software, instituting multi-factor authentication, and increasing WiFi network traffic monitoring. Additional training was also provided to employees, and internal policies and procedures were upgraded.
GenRx alerted affected individuals via a mailed notification letter.