Skip to content

Sav-Rx data breach exposes personal info of 2.8 million people

  • by
  • 3 min read

Prescription management company Sav-Rx has revealed that the personal data of over 2.8 million people was compromised in the October 3, 2023 cyberattack. The breach, which affected customers across the United States, has raised serious concerns about data security within the healthcare industry.

The information was released after the company filed a data breach notification with the Office of the Maine Attorney General.

Sav-Rx, officially known as A&A Services, operates as a pharmacy benefit management (PBM) company, delivering prescription drug management services to various employers, unions, and organisations nationwide.

On October 8, 2023, the company detected an interruption in its computer network, prompting immediate actions to secure its systems. Third-party cybersecurity experts were brought in to assist in the containment and remediation efforts.

Even after rapidly taking action to restore their IT systems and resumption of prescription shipments, the company took more than eight months to investigate the full extent of the attack.

The investigation was completed on April 30, 2024, and concluded that the breach occurred on October 3, 2023.

The company also disclosed that unauthorised actors had accessed non-clinical systems, extracting files containing sensitive personal information. The compromised data included individual’s full names, dates of birth, Social Security Numbers, email addresses, physical addresses, phone numbers, eligibility data, and insurance identification numbers.

In a FAQ page addressing the breach, Sav-Rx explained that the delay in notifying affected individuals was due to prioritising the continuity of patient care and ensuring a thorough investigation. Health plan customers and impacted organisations were informed between April 30 and May 2, 2024, with subsequent notifications sent to individuals.

The company faced challenges in reaching all affected parties due to insufficient contact information, prompting a public call for individuals to verify their status by contacting a dedicated hotline at 888-326-0815.

“We prioritised this technological investigation to be able to provide affected individuals with as much accurate information as possible. We received the investigation results on April 30, 2024, and promptly sent notifications to our health plan customers whose participant data was affected within 48 hours,” said the company.

In response to the breach, Sav-Rx has implemented several enhanced security measures, including establishing a 24/7 security operations centre, enforcing multi-factor authentication on critical accounts, network segmentation, enhanced geo-blocking, SSL certification cycling, upgraded firewalls and switches, strengthened Linux security, and deploying BitLocker encryption.

The company offers free credit monitoring and identity theft protection for two years through Equifax.

“While we have no evidence that you have been a victim of identity theft, we recommend you remain vigilant for incidents of fraud and identity theft, review your account statements, and monitor free credit reports,” said Sav-Rx.

In the News: RansomHub claims responsibility for cyberattack on Christie’s

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: