More than 1.6 million patients may have had data compromised in a hack at NEC Networks, a company that provides services to hospitals, pharmacies and other healthcare providers under the name CaptureRx.
The data breach may have exposed data on an estimated 1,656,569 patients of CaptureRx's provider customers, according to a report that the company submitted to HHS' Office for Civil Rights on May 5. The HHS agency publicly posted the report to its online database of healthcare data breaches in an update this week.
CaptureRx in February discovered files containing patient names, dates of birth and prescription data had been accessed and acquired by an unauthorized user earlier in the month.
CaptureRx sells tools to manage inventory and claims processing for prescriptions filled at pharmacies, including conducting eligibility checks to ensure prescriptions comply with requirements of the 340B drug program.
It's unclear when CaptureRx first discovered signs of the breach.
In a notice CaptureRx posted online on May 5, the company said it began investigating after it "recently became aware of unusual activity involving certain of its electronic files."
CaptureRx in March determined which patients had been affected by the hack, and between March 30 and April 7 CaptureRx began notifying affected customers. CaptureRx and its affected customers—which include Walmart and facilities that are part of UPMC and Ascension health systems—are working together to notify affected patients, according to CaptureRx.
In a notice posted online by Ascension Standish (Mich.) Hospital, the hospital said CaptureRx has retrieved the patient data from the hackers, who confirmed there are no other copies.
CaptureRx did not immediately respond to a request for comment.
"Data privacy and security are among CaptureRx's highest priorities, and there are extensive measures in place to protect information in CaptureRx's care," reads CaptureRx's May 5 notice. "As part of CaptureRx's ongoing commitment to the security of information, all policies and procedures are being reviewed and enhanced and additional workforce training is being conducted to reduce the likelihood of a similar future event."