The recent data breach at Sav-Rx in late 2023 has resulted in the theft of sensitive information belonging to over 2.8 million individuals in the United States, as confirmed by the company in a filing with the Maine Attorney General.
Sav-Rx functions as a pharmacy benefit manager (PBM), offering prescription drug benefit services to various entities like unions, employers, and health plans. Its responsibilities encompass managing prescription medication delivery, negotiating prices with drug manufacturers and pharmacies, and other related services.
The breach occurred on October 8, 2023, prompting Sav-Rx to swiftly secure its systems and restore operations. Despite resuming normal business activities the next day, it took the company eight months to conclude its forensic investigation, during which it determined that the hackers had accessed sensitive customer data.
According to Sav-Rx, the compromised data includes individuals’ full names, birth dates, Social Security Numbers (SSN), email addresses, postal addresses, phone numbers, eligibility data, and insurance identification numbers. Although clinical data was not compromised, the stolen information is substantial enough for potential identity theft, phishing, or social engineering attacks by malicious actors.
Sav-Rx has taken several measures in response to the breach, including notifying affected individuals, establishing a 24/7 security operations center, implementing multi-factor authentication for critical accounts, network segmentation, geo-blocking, firewall upgrades, and other security enhancements.