Pharmacy Benefit Manager Sav-Rx Data Breach Impacts 2.8 Million Americans

Written by Mitchell Langley

May 28, 2024

Pharmacy Benefit Manager Sav-Rx Data Breach Impacts 2.8 Million Americans

The Sav-Rx Data Breach Has Compromised Sensitive Information of Almost 2.8 Million Americans.

Sav-Rx First Noticed the Cybersecurity Incident on October 8, 2023

Sav-Rx, a pharmacy benefit management (PBM) company that provides prescription drug management services disclosed a data breach on May 27, 2024 that impacted 2,812,336 people in the United States.

According to the notification sent to affected individuals, Sav-Rx first identified an interruption to their computer network on October 8, 2023.

“As a result, we immediately took steps to secure our systems and engaged third-party cybersecurity experts,” the notification reads. “Our information technology systems (“IT System”) were restored the next business day, and prescriptions were shipped on time without delay.”

While Sav-Rx was able to restore its systems and resume operations within a day, investigating whether any personal data was stolen took much longer, spanning nearly eight months according to the notification.


Hackers Accessed Customer Data as Early as October 3, 2023

With the help of third-party cybersecurity experts, Sav-Rx’s investigation concluded on April 30, 2024. The probe revealed that unauthorized parties first gained access to customer data stored on certain non-clinical systems as early as October 3, 2023.

“As part of the investigation, we learned that an unauthorized third party was able to access certain non-clinical systems and obtained files that contained personal information,” the notification from Sav-Rx states.

Types of Data Exposed in the Sav-Rx Data Breach

The personal information exposed in the Sav-Rx data breach includes:

  • Full name
  • Date of birth
  • Social Security Number
  • Email address
  • Physical address
  • Phone number
  • Eligibility data
  • Insurance identification number

Over 2.8 million people had some combination of this sensitive personal data compromised according to the breach notification.

Sav-Rx Sends Notifications and Offers Credit Monitoring

While Sav-Rx prioritized restoring operations over performing a full investigation initially, the company notes it did not rush the investigative process to ensure accuracy. Health plan customers of Sav-Rx were notified between April 30 and May 2, 2024, before the company sent breach notifications to affected individuals in late May 2024.

Sav-Rx is offering all impacted individuals 24 months of free credit monitoring and identity theft protection services. Those affected are also advised to monitor credit reports and financial accounts for any suspicious activity.

Sav-Rx Strengthened Security Measures Following the Data Breach

In response to Sav-Rx data breach, the company has implemented several new security controls and processes. This includes deploying a 24/7 security operations center, enforcing multi-factor authentication, improving network segmentation, upgrading firewalls and switches, enhancing Linux security, and using BitLocker encryption to protect data.

While no evidence currently exists that stolen data from the Sav-Rx breach has been misused, the compromise of names, financial information, medical ids and social security numbers puts the 2.8 million affected Americans at heightened risk of identity theft and fraud.

Related Articles

How AI is Revolutionizing Phishing Attacks

How AI is Revolutionizing Phishing Attacks

 -  New: New Phishing attacks have long been a major concern for enterprise organizations wordwide. As technology continues to advance, cybercriminals are finding new and innovative ways to exploit vulnerabilities and deceive unsuspecting individuals. In recent years,...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!