Cyber Incident Victim: Surecare Specialty Pharmacy
Date: Aug 2021
Location: United States of America
Summary
Surecare Specialty Pharmacy in El Paso, Texas, experienced a sophisticated ransomware attack that potentially compromised protected health information of 8,412 patients. The incident involved unauthorized access to files containing names, addresses, dates of birth, health insurance details, and prescription information. Their IT provider successfully contained the attack, and a subsequent forensic investigation confirmed possible data exposure. The pharmacy implemented additional security measures following the breach to strengthen system defenses against future threats.
Description
On August 16, 2021, El Paso, Texas-based Surecare Specialty Pharmacy experienced a sophisticated ransomware attack that disrupted its operations. The organization’s IT provider intervened promptly to contain the incident, limiting its immediate spread and preventing further unauthorized access to systems. By August 31, 2021, a forensic investigation firm concluded its initial assessment, confirming that files containing patients’ protected health information (PHI) may have been accessed or exfiltrated during the breach. The compromised data included identifiable and sensitive details such as patient names, physical addresses, dates of birth, health insurance policy information, and prescription records. Because of the containment efforts, the attack did not permanently cripple operations, but it necessitated a thorough review of system vulnerabilities. Surecare Specialty Pharmacy did not publicly disclose whether a ransom was demanded or paid, nor did it identify the specific ransomware variant involved in the attack.

The incident potentially affected 8,412 patients whose PHI was stored within the compromised systems. Following the forensic confirmation of data exposure, Surecare Specialty Pharmacy implemented additional security measures to harden its network defenses and prevent future intrusions. These enhancements included system-wide security audits, infrastructure upgrades, and revised access controls, though specific technical details were not publicly disclosed. The pharmacy did not report any prolonged operational outages or service disruptions beyond the immediate containment phase. Affected individuals were notified about the potential exposure of their data, though the article did not specify whether identity theft protection services were offered. The organization emphasized its collaboration with cybersecurity experts and regulatory bodies to address compliance obligations and mitigate risks stemming from the breach.
