Sav-Rx Prescription Services Data Breach Investigation
The Lyon Firm is investigating a large data security incident at Sav-Rx (A&A Services) following a cyberattack that occurred over seven months ago. It is not entirely clear why the company failed to contact impacted individuals sooner, but they have explained that their internal investigation began in October 2023.
Contact our data breach lawyers to learn more about how to protect yourself following any data theft event and to discuss possible legal action. We have filed numerous class action data breach lawsuits on behalf of plaintiffs nationwide. Call for a free case review and confidential consultation.
What Happened at Sav-Rx Presription Services?
The company is notifying 2,812,336 individuals regarding a cyberattack that exposed sensitive personal information. Sav-Rx has released a statement that notes that an “interruption” to their computer network resulted in an unauthorized third party being able to access non-clinical systems and obtain certain files that contained personal information. Sav-Rx first became aware of the incident on Sunday, October 8, 2023.
The company notified the Maine Attorney General’s office of the cybersecurity incident and has begun warning over 2.8 million individuals that their personal data was stolen in the 2023 cyberattack. Those affected are possibly current or former employees or those who use their medication benefit management services.
A&A Services, doing business as Sav-RX, is a pharmacy benefit management company that provides prescription drug management services to employers, unions, and other organizations.
The type of personal data compromised in this data breach incident includes:
- Name
- Date of birth
- Social Security Number (SSN)
- Email address
- Physical address
- Phone number
- Eligibility data
- Insurance identification number
In an FAQ page on its website, Sav-Rx explained that it took them eight months to send out data breach notification letters to impacted customers because they did not have sufficient contact information to notify some individuals. They also noted that their initial priority was to minimize the impact on their IT systems and protect patient care operations before launching a full investigation with the assistance of experts. Some health plan customers, however, were notified earlier, between April 30 and May 2, 2024.
“Our initial priority was restoring systems to minimize any interruption to patient care,” the company has stated. “The incident did not affect our pharmacy systems, including those systems related to our mail order pharmacy. Not all customers were impacted, and not all health plan participants were impacted.”
There is currently no evidence that the stolen information has been misused or leaked to the dark web, but that is always a distinct possibility in these cases. Anyone who is contacted by A&A about this incident should understand the potential for an increased risk of fraud and medical identity theft. The alleged compromised data includes information (full name, date of birth, Social Security Number (SSN), email address, physical address, and phone number) that criminals can use in various fraudulent schemes.
More About A&A Services
A&A, operating as Sav-Rx Prescription Services, is an independent, Medication Benefit Manager based in Fremont, Nebraska. They offer a retail network, mail order pharmacy, specialty pharmacy, account management, project management, and client services. The company works with almost a thousand Union Health and Welfare Funds, plan sponsors, and millions of American workers.
Our data breach lawyers believe that any entity that collects and stores your personal data has a legal and ethical responsibility to protect it to the best of their ability. We expect companies to build and maintain properly secure IT networks, and when these measures prove ineffective, a company can be held accountable for the loss of sensitive data.