MetroHealth data security incident affects patient information
Anyone with questions should call the CaptureRX toll-free hotline at 855-654-0919 Monday through Friday, 9 a.m. to 9 p.m. EST.
CLEVELAND – A ransomware attack in early 2021 put the personal health information of patients at MetroHealth Medical Center and several other local pharmacies at risk.
CaptureRX first learned of a breach in its 340b drug pricing software in February, but patients might just now find out that their data was involved. CaptureRX reports that names, dates of birth and prescribing information have been taken.
3News obtained a statement on the incident from MetroHealth on Friday morning. MetroHealth officials say CaptureRX took action upon notification of the event by immediately changing all user passwords. There was no impact on MetroHealth’s systems or on patient care.
“Going forward, CaptureRx is taking a number of steps to strengthen its existing security procedures, including reviewing and improving information security policies and procedures, where appropriate, strengthening firewall rules and Workforce training is implemented to reduce the likelihood of a similar incident. according to the MetroHealth statement.
Pharmacies customers of Discount Drug Mart, Giant Eagle, Rite Aid, Meijer and other suppliers may also have been exposed. CaptureRX has informed affected patients as well as advice on steps they can take to prevent the misuse of their personal information.
If you haven’t received a notification letter, but want to verify that you’re not affected, you can also call CaptureRx to verify you’re not on the list. This hotline, 855-654-0919, is open Monday through Friday, 9 a.m. to 9 p.m. EST.
“CaptureRx and MetroHealth are taking this incident and the security of personal information very seriously,” MetroHealth officials said in their statement. “CaptureRx continues to explore ways to further improve the security of its systems to better protect against future incidents of this type. “
Additionally, MetroHealth has provided the following timeline related to the situation:
- February 19, 2021: The investigation determined that some files were viewed and acquired on February 6, 2021 without authorization. The root cause of the CaptureRx data security incident was a vulnerability identified with the third-party hosted build server, which was subsequently exploited. This allowed the threat actor to obtain credentials allowing him to access the server.
- On or around March 19, 2021: CaptureRx determined that the relevant files contained the patient’s first name, last name, date of birth, and prescribing information. There was no impact on MetroHealth’s systems or on patient care.
“Just like that, that’s all the data you need to do identity theft,” said Tyler Hudak of Strongsville’s Trusted Sec. He leads the Incident Response Team, which responds locally to ransomware attacks every week. He says the pandemic has made matters worse.
“With the increase in remote working over the past year, this has absolutely contributed to the number of attacks that occur and the ease with which some of these attacks occur,” said Hudak. Home networks are often not as secure and employees are not as leery of phishing emails as we should be.
The federal government is now also getting involved. This week, the Justice Department announced it was able to trace and return part of the Colonial Pipeline ransom paid in May, in the attack that disrupted gas supplies to the east coast.
DOJ’s new Ransomware and Digital Extortion Task Force is working with the U.S. Attorney’s Office here in Cleveland.
“It appeals to a lot of very experienced people who are very well equipped to respond to threats and are trying to identify where we, as a country, as a government, can strengthen our defenses,” the US prosecutor said. Acting Bridget Brennan.
SUBSCRIBE: Get the headlines of the day delivered to your inbox every weekday morning with free 3News to GO! bulletin