2.8M US folks learn their personal info was swiped months ago in Sav-Rx IT heist

May 28, 2024 at 06:29PM

Sav-Rx informed 2.8 million individuals of a potential data breach, which occurred over seven months ago. The company discovered an IT intrusion in October, restored systems, and initiated an investigation, revealing unauthorized access to personal information. Affected data may include names, social security numbers, and more. Sav-Rx offers free credit and identity monitoring for two years.

Sav-Rx experienced a significant IT intrusion that resulted in the likely theft of personal information belonging to approximately 2.8 million individuals. The intrusion was discovered in October of the previous year, and the company took measures to restore its IT systems and investigate the incident. However, the notification to affected parties was delayed, with the company confirming the breach and notifying the affected individuals several months later.

Sav-Rx has highlighted that no clinical or financial information was accessed by the unauthorized party and has taken steps to provide two years of free credit and identity monitoring to those impacted. Additionally, the company has outlined various security measures that have been implemented to enhance its cybersecurity defenses following the breach, such as enhancing its security operations center, adding new firewalls, antivirus software, and multi-factor authentication, as well as implementing a patching cycle and network segmentation.

Notably, there has been criticism from external experts, such as Roger Grimes of KnowBe4, regarding the delay in notifying impacted customers, with the general consensus being that the eight-month delay is unlikely to be acceptable to customers or regulatory bodies.

Overall, while Sav-Rx has taken steps to address the breach and improve its security posture, the delay in notifying affected individuals has attracted negative attention and may warrant further explanation and bring potential repercussions for the company.