Direct Scripts, a pharmacy benefit management service provider in Ohio, recently notified more than 9,300 patients after discovering that they had been the victim of a ransomware attack.
Direct Scripts became aware of the attack on January 30, and immediately launched an investigation to determine what had happened and if any patient protected health information had been accessed or acquired. A notice on their web site dated February 22 explains:
The information potentially involved may include customer names, addresses, and prescription information, but the impacted server did not and does not store customer Social Security numbers or credit card information. While there is no evidence that any sensitive or personal information has been misused, Direct Scripts has sent notification letters to all potentially impacted customers.
Based on their investigation, Direct Scripts states that they do not believe any customers’ personal information was at risk, but they have created a web site and have other support available to those with questions or concerns. Their full notification can be found here.