CaptureRx – Notice of Data Incident (Update 3)
NOTE: This post is no longer being updated. Please see this article for updates on this incident.
Update of May 12: Add Walmart to your list of covered entities who had patients impacted by the CaptureRx breach. CaptureRx notified them on April 5. We haven’t yet learned the number of patients impacted for this one.
Update of May 9: In addition to the covered entities mentioned below, UPMC Cole and UPMC Wellsboro have notified 7,400 patients; Bayhealth in Delaware has notified patients, and Brownsville Community Health Center notified 4,256 patients. Thanks to @amvinfe for calling these to our attention.
In other posts on this site, three covered entities (Faxton St. Lukes, Gifford Health, and Thrifty Drug) were identified who were impacted by a breach involving CaptureRx. Lourdes Hospital in NY was also reportedly impacted. Now CaptureRx has issued a press release about the incident. It begins:
SAN ANTONIO, May 5, 2021 /PRNewswire/ — CaptureRx is a vendor for certain healthcare providers and is providing notice of a recent event at CaptureRx that may affect the privacy of certain data CaptureRx received from these healthcare providers. This notification provides information about the event, CaptureRx’s response to it, and resources available to individuals to help protect their information, should they feel it necessary to do so.
What Happened? CaptureRx recently became aware of unusual activity involving certain of its electronic files. Following this, CaptureRx immediately began an investigation into this activity and worked quickly to assess the security of its systems. On February 19, 2021, the investigation determined that certain files were accessed and acquired on February 6, 2021 without authorization.
CaptureRx then immediately began a thorough review of the full contents of the files to determine whether sensitive information was present at the time of the incident. On or around March 19, 2021, CaptureRx completed this review to confirm the full scope of affected individuals and associated covered entities to which the information related. Between March 30, 2021 and April 7, 2021 CaptureRx began the process of notifying healthcare providers of this incident. Since then, CaptureRx has worked with healthcare providers to notify the affected individuals whose information was identified by the review.
What Information Was Involved? The investigation determined that, at the time of the incident, the relevant files contained first name, last name, date of birth, and prescription information.
What Is CaptureRx Doing? Data privacy and security are among CaptureRx’s highest priorities, and there are extensive measures in place to protect information in CaptureRx’s care. Upon learning of this incident, CaptureRx moved quickly to investigate and respond. This investigation and response included confirming the security of CaptureRx’s systems, reviewing the contents of the relevant files for sensitive information, and notifying covered entities associated with that sensitive information. As part of CaptureRx’s ongoing commitment to the security of information, all policies and procedures are being reviewed and enhanced and additional workforce training is being conducted to reduce the likelihood of a similar future event. CaptureRx is also working with healthcare providers to notify individuals whose information was contained in the subject files as well as appropriate regulatory authorities.
What You Can Do. CaptureRx encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and to monitor free credit reports for suspicious activity and to detect errors. Additional steps individuals can take is provided in the below “Steps You Can Take to Protect Personal Information.”
For More Information. CaptureRx has established a dedicated assistance line at (855) 654-0919 (toll free), Monday – Friday, 9:00 a.m. to 9:00 p.m., Eastern Time for any questions individuals have.
Read more on PR Newswire.