History
2024: Data breach of 2.8M Americans
At the end of May 2024, the American drug prescription company Sav-Rx reported a data breach of more than 2.8 million customers, which occurred in October 2023.
According to Sav-Rx, company employees discovered a malfunction in their computer network on October 8, 2023. In response, the company activated standard responses - securing its systems, hiring cybersecurity experts, informing law enforcement and launching an investigation.
According to the company, violations in the network were eliminated during the day and did not lead to a delay in the issuance of medicines. However, in the future, the investigation established that as a result of the failure, the data of a number of patients that became available to a third party was leaked. The problem only affected participants in the Sav-Rx benefits program. In compensation, Sav-Rx gave affected customers free access to service for 24 months.
The company did not provide additional data on the hack, but its systems are believed to have been targeted by the ransomware virus. It should be noted that although the hack occurred in October 2023, the company informed customers only eight months later, motivating its decision by the fact that it received the results of the investigation only on April 30, 2024.
It is unlikely that the decision of Sav-Rx to notify the affected persons six months after the hack will satisfy customers, "said Roger Grimes, a cybersecurity training expert at KnowBe4. - Most companies inform affected customers within days or weeks. Whoever decides to postpone the notification of the affected persons for eight months will not receive the warmest welcome.[1] |