CaptureRx Breach Compromises Data of Thousands of Patients

San Antonio, Texas-based health infrastructure technology company CaptureRx suffered a data breach. The health IT firm initially suffered the cybersecurity incident earlier in February 2021, but it has only disclosed the matter just this May. The breach reportedly compromised thousands of patient data.

CaptureRx is a third-party vendor for numerous healthcare providers. It aids in reducing prescription drug costs under the 340B drug program by extending their IT systems to help hospitals manage their respective drug programs, notes Becker’s Hospital.


It currently provides its services to different hospitals in the United States. It counts Gifford Health Care of Randolph in Vermont, Mohawk Valley Health System affiliate Faxton St. Luke’s Healthcare located in New York, Thrifty Drug Stores (Thrift White), and many others.

CaptureRx Data Breach Compromises Patients Data

The San Antonio-based health IT company reportedly suffered a ransomware attack on February 6, 2021. Weeks after on February 19, 2021, the firm gained insight that the attack launched allowed threat actors to obtain certain files, reports Infosecurity Magazine.


In total, Infosecurity Magazine said that the attack exposed the personal health information and other related files of approximately 24,000 people. Of this cybersecurity incident, it was revealed that the attack impacted 17,6555 patients from Faxton St. Luke’s Healthcare. Meanwhile, the remaining 6,777 patients reportedly hailed from Gifford Health Care.

The company is still in the process of identifying how many individuals have been affected by the matter.

Among the information compromised by the data security incident include the personal data of users. These include their names, including the patient’s first and last name, their date of birth, prescription information, and in some cases, their medical record number.


Upon discovering the extent of the matter, CaptureRx announced in its press release that it notified affected healthcare providers between March 30, 2021, and April 7, 2021. The company has also started its process of notifying affected individuals about the incident.

In a statement by the company, it said that “Data privacy and security are among CaptureRx’s highest priorities, and there are extensive measures in place to protect information in CaptureRx’s care… As part of CaptureRx’s ongoing commitment to the security information, all policies and procedures are being reviewed and enhanced and additional workforce is being conducted to reduce the likelihood of a similar future event.”

Individuals who are concerned about the safety and security of their personal data may contact CaptureRx at their dedicated assistance line at (855) 654-0919 Mondays to Fridays from 9 am to 9 pm Eastern Time. Moreover, individuals are also urged to constantly monitor their accounts.

No posts to display