Home » MetroHealth data security incident impacts patient information
General News

MetroHealth data security incident impacts patient information



Anybody with questions is asked to call CaptureRX’s toll-free assistance line at 855-654-0919 Monday through Friday from 9 a.m. to 9 p.m. EST.

CLEVELAND — The MetroHealth System in Cleveland is addressing a “data security incident,” which they say impacted personal information for some of their patients. MetroHealth officials say they recently learned of the issue involving one of its vendors – CaptureRX – which is a 340B software management provider.

3News obtained a statement about the incident from MetroHealth on Friday morning.

“Specifically, CaptureRx recently became aware of unusual activity involving certain of its electronic files,” according to MetroHealth’s statement. “Following this, CaptureRx immediately began an investigation into this activity and worked quickly to assess the security of its systems.”

MetroHealth officials say CaptureRX took action once learning of the event by immediately changing all user passwords.

“Moving forward, CaptureRx is taking a number of steps to harden its existing security procedures, including reviewing and enhancing information security policies and procedures where appropriate, hardening firewall rules and workforce force training is being implemented to reduce the likelihood of a similar incident,” according to MetroHealth’s statement.

CaptureRX has notified impacted patients of the incident along with guidance on what steps they can take to prevent misuse of their personal information.

“Both CaptureRx and MetroHealth take this incident and the security of personal information very seriously,” MetroHealth officials said in their statement. “CaptureRx continues to explore ways to further enhance the security of its systems to better protect against future incidents of this kind.”

Additionally, MetroHealth provided the following timeline connected to the situation:

  • Feb. 19, 2021: The investigation determined that certain files were accessed and acquired on February 6, 2021 without authorization. The root cause of the CaptureRx data security incident was an identified vulnerability with the build server hosted by a third-party, which was then exploited. This allowed the threat actor to gain credentials that allowed access to the server.
  • On or around March 19, 2021: CaptureRx determined that the relevant files contained patient’s first name, last name, date of birth and prescription information. There was no impact to the systems of MetroHealth or patient care.

Anybody with questions is asked to call CaptureRX’s toll-free assistance line at 855-654-0919 Monday through Friday from 9 a.m. to 9 p.m. EST.

SUBSCRIBE: Get the day’s top headlines sent to your inbox each weekday morning with the free 3News to GO! newsletter



Source link

About the author

admin

Add Comment

Click here to post a comment

Your email address will not be published. Required fields are marked *