cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

2.8m affected in Sav-Rx data breach

A major US prescription management firm has disclosed that a data breach on its systems resulted in the theft of data belonging to 2.8 million people.

user icon Daniel Croft
Tue, 28 May 2024
2.8m affected in Sav-RX data breach
expand image

Sav-Rx, operating as A&A Services, discovered in an investigation that a threat actor had gained unauthorised access to its systems on 3 October 2023 after it detected an interruption to its systems.

While the firm quickly worked to secure its systems and engaged third-party cyber security experts, the threat actor was able to gain access to “certain non-clinical systems and obtain certain files that contained personal information”, Sav-Rx said.

“However, in conjunction with third-party experts, we have confirmed that any data acquired from our IT system was destroyed and not further disseminated.”


According to Sav-Rx’s filing with the Office of the Maine Attorney General, 2,812,336 people were affected, with data accessed including names, dates of birth, email addresses, physical addresses, phone numbers, social security numbers, insurance identification numbers and eligibility data for prescriptions.

Sav-Rx also addressed why it took the company eight months to notify its customers, saying it wished to prevent patient care from being interrupted by the investigation. It also ensured that investigative findings were accurate before notifying customers, hence the lengthy period between the breach discovery and the investigation.

“We have taken a number of steps to enhance our security protocols and controls, technology, and training. We also continue to assess further options to protect our IT System. Additionally, we promptly notified law enforcement authorities,” the firm said on an FAQ page on its website.

A&A Services said in its Office of the Maine Attorney General notification: “Although A&A Services is not aware at this time that any third party has made any use of personal information as a result of this security incident, out of an abundance of caution, A&A Services is providing all affected individuals with free credit monitoring and identity theft protection for two (2) years.”

A number of healthcare organisations in the US have suffered major cyber attacks in a huge overall blow to the nation’s healthcare industry.

Major US healthcare organisation Change Healthcare was hacked in February, with a state-sponsored hacker originally to blame.

ALPHV was paid a ransom of US$22 million, which it then pocketed without paying the affiliate behind the attack, claiming it had been taken down by the FBI as an exit strategy. Despite an angry back and forth, the affiliate, Notchy, was never paid, and thus Change Healthcare’s systems were not restored, and stolen data was not deleted.

RansomHub then claimed to have the UnitedHealth subsidiary’s data and demanded that the organisation pay them a ransom.

After not paying the ransom a second time, RansomHub listed Change Healthcare’s data for sale. It was later discovered that the threat actors gained access to the company’s systems by using compromised credentials to access a company Citrix portal.

UnitedHealth chief executive Andrew Witty said that a “substantial proportion” of Americans were affected by the attack, only to later reveal that the number was “close to a third” of all Americans.

Witty also took responsibility for paying the US$22 million ransom.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.