Cyber Incident Victim: Direct Scripts
Date: Jan 2019
Location: United States of America
Summary
A ransomware attack on an Ohio-based pharmacy benefits manager encrypted files containing protected health information, including patient names, addresses, and prescription details. The compromised server was isolated and no evidence of data misuse was found; notification letters were sent to affected individuals and the authorities were informed. The breach affected over 9,000 patients.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 30, 2019, Direct Scripts, an Ohio-based pharmacy benefits management services provider, experienced a ransomware attack that encrypted files containing protected health information. The attack was confined to a single server storing customer names, addresses, and prescription information. No other organizational servers or computers were accessible to the attackers during the incident, which limited the exposure of additional sensitive data. Forensic investigation found no evidence that patient information had been misused following the encryption event. The attack compromised prescription-related records only; broader medical histories and financial data were held on segregated systems that were not accessed. Direct Scripts did not disclose whether a ransom was demanded or paid to restore access to the encrypted files.

Following containment of the incident, Direct Scripts sent notification letters to the individuals whose prescription data resided on the compromised server. The organization reported the breach to the Department of Health and Human Services' Office for Civil Rights, which publicly documented the event as affecting 9,319 individuals. No technical details regarding the attack vector or malware variant were disclosed publicly. The investigation confirmed that operational systems unrelated to the targeted server remained functional throughout the incident. Direct Scripts emphasized that only prescription information was exposed and that no evidence was found of unauthorized data exfiltration or secondary misuse of the encrypted health records. As with most ransomware notifications, this reflects what the forensic review was able to find rather than a confirmed negative: encryption of a server does not by itself rule out that data was copied out beforehand.
