Ransomware Attack on GenRx Pharmacy and Additional Blackbaud Ransomware Attack Victims

GenRx Pharmacy in Scottsdale, AZ is notifying selected patients about the potential compromise of their protected health information (PHI) in a ransomware attack. The pharmacy detected the attack on September 28, 2020, and its IT team cut off the attacker's access to the system that same day. The investigation confirmed that the ransomware was deployed on September 27, but before deploying it the attacker exfiltrated a number of files, including files containing protected health information.

A review of the compromised files showed that they contained PHI such as names, addresses, birth dates, gender, patient IDs, allergy details, prescription transaction IDs, prescription medication lists, health plan data, and prescription details. The pharmacies do not collect Social Security numbers and do not retain financial data, so that information was not compromised. GenRx Pharmacy had legitimate backups, which it used to recover the encrypted data, and did not pay the ransom.

Although the number of people affected is uncertain at this time, GenRx Pharmacy said under 5% of existing patients were impacted. Since the attack, GenRx has enhanced its firewall and anti-virus software, deployed a web filter, improved network monitoring, implemented multi-factor authentication, and put in a real-time breach detection system. It provided employees with additional training and reviewed internal policies and procedures as needed. Further controls and measures are also being reviewed to strengthen security.

Blackbaud Ransomware Attack Affected Nebraska Methodist Health System and Texas Tech University Health Sciences Center

Two more victims of the Blackbaud ransomware attack have confirmed that they were affected by the incident.

Nebraska Methodist Health System has confirmed that some of the personal data and PHI of 39,912 people were compromised in the attack. Texas Tech University Health Sciences Center has announced that the breach affected 37,000 people.

Both entities use Blackbaud's customer relationship management and financial services tools for fundraising. Between February 7, 2020 and May 20, 2020, attackers had access to Blackbaud's systems and might have taken backup copies of customer data files just before deploying ransomware. Blackbaud paid the ransom demand and the attackers gave assurance of deleting the stolen data.

Nebraska Methodist Health System said the following information was compromised: names, demographic and contact details, medical record numbers, reasons for consultations, treating physicians, treating center, and patient types (i.e. emergency outpatient, inpatient surgery, or observation).

The Texas Tech University Health Sciences Center database included names, mailing and email addresses, telephone numbers, dates of birth, TTUHSC medical record numbers, and the names of physicians and their specialties.