Sav-Rx data incident affects 2.8M people

The medication management provider Sav-Rx has suffered a data breach, affecting the personal information of roughly 2.8 million people.

Sav-Rx noticed that an unauthorized actor had accessed its computer network. The company took steps to secure its systems while engaging with third-party cybersecurity experts.

“As part of the investigation, we learned that an unauthorized third party was able to access certain non-clinical systems and obtained files that contained health information,” Sar-Rx said.

Sav-Rx operates under A&A Services and provides medication benefit management services to patients’ health plans. The company receives sensitive information from patients' healthcare plans and providers to deliver these services.

The information impacted includes:

  • Names
  • Dates of birth
  • Social Security numbers
  • Email addresses
  • Addresses
  • Phone numbers
  • Eligibility data
  • Insurance identification numbers

Sav-Rx emphasizes that the threat actor did not access clinical or financial information.

Upon investigation, the company found that the threat actor accessed non-clinical systems and discovered that on April 30th, 2024, the unauthorized third party had access to personal information.

However, the threat actor accessed Sav-Rx’s systems on or around October 3rd, 2023.

Sav-Rx states that external cybersecurity experts contained the incident and confirmed that all data acquired from their IT system was “destroyed and not further disseminated.”

“We have taken a number of steps to enhance our security protocols and controls, technology, and training. We also continue to assess further options to protect our IT System. Additionally, we promptly notified law enforcement authorities,” Sav-RX said.

Sav-Rx provides affected individuals complimentary access to 24 months of credit monitoring and identity theft restoration services through Equifax.