At least three American healthcare providers have been impacted after an administrative services company in Texas fell victim to a cyber-attack.
Only now news came out that San Antonio-based CaptureRx suffered a ransomware attack on February 6. A subsequent investigation into the incident revealed that certain files had been accessed by an unauthorized party.
CaptureRx runs Cumulus platform that is designed to help its health care customers to manage 340B program compliance and reduce the administrative burden of 340B program management.
Investigators said that during the attack, cyber-criminals exfiltrated files with the personal health information of over 24,000 individuals.
Experts reviewing the attack on March 19, determined that the security breach impacted 17,655 patients of Faxton St. Luke’s Healthcare and 6,777 patients of Gifford Health Care. There was a number of Thrifty Drug Store patients that had been affected by the attack, but the exact number has not yet been determined.
Data stolen by the attackers may have included names, dates of birth, medical record numbers, and prescription information.
HIPAA Journal said in a report published today that CaptureRx currently doesn’t know how many of its healthcare clients have been affected by the data breach. However, CaptureRx notified its healthcare clients about the incident between March 30 and April 7.
As WKTV reports, CaptureRx failed to notify about the data breach 100 patients of Faxton St. Luke’s Healthcare because the company could not find a valid mailing address for them.
The company said there is no evidence that the stolen data has been misused by the attackers.
The company’s customers have been advised to monitor their bank accounts for any signs of fraudulent activity.
“Data privacy and security are among CaptureRx’s highest priorities, and there are extensive measures in place to protect information in CaptureRx’s care,” stated Capture Rx.
“As part of CaptureRx’s ongoing commitment to the security of information, all policies and procedures are being reviewed and enhanced and additional workforce training is being conducted to reduce the likelihood of a similar event in the future.”