Welcome to the
Fraud of the Day Website!

Search
Close this search box.

Don’t Rush

Identity-IdentityVerification-IdentityTheft-IdentityFraud-4
Senior Director of Strategic Alliances
LexisNexis Risk Solutions - Government

Absolutely don’t rush Sav-Rx. Take your time. No need to notify customers that the company database has been hacked, until you are good and ready. Why hurry to share that the names, dates of birth, social security numbers, email addresses, mailing addresses, phone numbers, eligibility data, and insurance identification numbers of potentially 2,812,336 people were compromised back in October of 2023? What’s eight months for a fraudster? Besides everything?

Sav-Rx is a company that provides prescription drug benefit services to various organizations such as unions, employers, and health plans. On May 24,2024, Sav-Rx notified the Maine Attorney General’s office of a cybersecurity incident that occurred eight months prior which exposed the data of 2,812,336 people. Sav-Rx did jump into action. It’s just that protecting their clients’ identities wasn’t on the top of the list. Sav-Rx’s first reaction was to secure its systems and make sure it restores operations as quickly as possible. In a FAQ page on its site, Sav-Rx explains that it took them eight months to send out notices of breach to impacted customers because their initial priority was to minimize interruption to patient care before launching an investigation on the impact of the incident. They did it for the customer, not the Board of Directors? Business resumed as usual the next day, and prescriptions were shipped on time and without delay. Twenty-four hours after the hack, it looks like everyone took a nap.

Eight months later, Sav-Rx concluded that the hackers stole its customers’ sensitive data. Sav-Rx is quick to pat themselves on the back claiming that clinical data was not accessed. Hold the applause. Because the type of information stolen here is more than enough for any hacking group to use in identity theft, phishing, or social engineering attacks.

Shout out to Maine who shared this information as quickly as possible, despite Sav-Rx sitting on it for so long.

Today’s Fraud of The Day is based on article “Millions of US customers have social security numbers stolen in major Sav-Rx data breach” published by Tech Radar, May 28, 2024.

The hackers that hit Sav-Rx late in 2023 made away with sensitive data on more than 2.8 million people in the United States, the company has confirmed in a filing with the Maine Attorney General.

Sav-Rx is a pharmacy benefit manager (PBM), a company that provides prescription drug benefit services to various organizations such as unions, employers, and health plans. Its work includes the management and facilitation of prescription medication delivery, negotiations with drug manufacturers and pharmacies regarding prices, and more.

Related Articles

Get Your Fraud Fix!

Five days a week wake up to the most current fraud article in your inbox

Contact Us

Thank you for your interest in Fraud of the Day. For more information, please complete the following form.
To receive the most current fraud articles direct to your inbox, click the Subscribe button above.

"*" indicates required fields

This field is hidden when viewing the form
Would you like to subscribe to our Blog?
We respect your privacy.
This field is for validation purposes and should be left unchanged.

SUBSCRIBE TODAY

Fill out the form below to receive the Daily Fraud Highlight, the Weekly Fraud Summary or both. Thank you for your interest in FraudoftheDay.com.

"*" indicates required fields

Name*
Subscription Type*
This field is for validation purposes and should be left unchanged.