Updating: CaptureRx incident impacted almost 2 million people

For the past two months, DataBreaches.net has been tracking reports involving NEC Networks, LLC d/b/a CaptureRx. CaptureRx is a specialty pharmacy benefits manager whose services include prescription claims processing, patient assistance program administration, and public health service 340B drug program administration. CaptureRx provides these services for pharmacies and healthcare providers across the United States.

In February, CaptureRx became aware of a compromise of their system(s). Although their statements have not labeled it as a “ransomware” incident, at least one of their covered entities has described it that way and most of the media coverage reports it as a ransomware incident. DataBreaches.net notes, however, that CaptureRx has not actually called it a ransomware incident, the threat actors have not been named, and there has been no disclosure as to whether there was any ransom demand, and if so, whether it was paid.

The incident has not shown up on any dedicated leak site associated with almost two dozen ransomware groups, which can mean that: (1) the compromise was not by any of those groups, (2) the compromise was by one of those groups but the victim paid the ransom to keep the data from being publicly dumped, or (3) it wasn’t a ransomware incident but perhaps something like a hack with data exfiltrated — with or without an extortion demand. We just don’t know for sure at this point because CaptureRx’s disclosures haven’t been specific or detailed on those points.

This week, in its newest filing with a state regulator, we have learned that a total of 1,919,938 individuals (presumably patients) have been impacted by the incident.

Here is an incomplete list of covered entities that have already been reported to have been impacted by a ransomware incident CaptureRx experienced. Where the number of affected patients is known, it is indicated in parentheses. We are obviously missing a lot of reports.

- Ascension St. Joseph Hospital (5807)
- Ascension Standish Hospital (1705)
- Bayhealth Brownsville Community Health Center (4258)
- Faxton St. Lukes (17655)
- Gifford Health (6777)
- Lourdes Hospital Thrifty Drug (3958)
- UPMC Cole and UPMC Wellsboro (7376)
- Walmart

CaptureRx’s first press release was issued May 5. Now they have issued a “second wave” release for additional people being notified. That release (embedded below), submitted to Maine’s attorney general, indicates that those being notified are not being offered any credit monitoring services.

DataBreaches.net will continue monitoring this incident and will update this post as more details become available.