Cyber Incident Victim: GenRx Pharmacy
Date: Sep 2020
Location: United States of America
Summary
GenRx Pharmacy experienced a ransomware attack involving unauthorized access to its systems, which was promptly contained the same day it was detected. The attackers exfiltrated a limited set of files containing personal and protected health information—including patient names, contact details, medication lists, health plan data, and prescription information—from a small fraction of former patients, though no financial data or Social Security numbers were compromised. Following the incident, the organization implemented enhanced security measures such as firewall upgrades, multifactor authentication, intrusion detection systems, and employee training, while notifying regulatory authorities and credit reporting agencies.
Description
On September 28, 2020, GenRx Pharmacy discovered evidence of ransomware on its systems during routine operations. The pharmacy immediately initiated an investigation by engaging independent information security and IT experts to conduct forensic analysis and incident response. Forensic evidence confirmed that unauthorized third parties had deployed the ransomware on September 27, 2020, one day prior to detection. The attackers gained access to a limited number of files containing protected health information before being expelled from the system on the same day as the discovery (September 28). GenRx maintained uninterrupted business operations throughout the incident due to unaffected backups and retained full access to its data. By November 11, 2020, investigators confirmed the cybercriminals had exfiltrated specific files containing personal and health information of former patients.

The compromised data included patient identifiers, transaction IDs, full names, addresses, phone numbers, dates of birth, genders, allergy information, medication lists, health plan details including member IDs, and prescription information. No Social Security Numbers or financial data were impacted, as GenRx did not collect or store such information. The breach affected fewer than five percent of former patients. In response, GenRx implemented multiple security enhancements including firewall firmware upgrades, additional antivirus and web-filtering software, multifactor authentication deployment, increased Wi-Fi network monitoring, employee cybersecurity training, and installation of real-time intrusion detection systems across all networked devices. The pharmacy notified affected individuals via first-class mail, provided a dedicated call center for inquiries, and reported the incident to federal and state regulatory authorities as well as Equifax, Experian, and TransUnion. No actual misuse of the exposed information had been identified at the time of notification.
