ARx Patient Solutions Gets Hacked and Waits Months to Inform 40k Victims
Table of Contents
- By Steven
- Jul 12, 2023
ARx is a healthcare provider based in Kansas. The company specializes in drug delivery systems and works with many different healthcare facilities. During regular work, the company handles patient information and is in charge of healthcare details as well as personal information. According to ARx, it was hacked in 2022, and nearly 40,000 people could be exposed because of the attack. Information about the attack is just coming out now, as of June and July of 2023, which means anyone involved has been at risk for months without realizing it.
How Did the Attack Occur?
According to ARx, sometime in 2022, an unauthorized user got on the network and began tampering with files. It's possible that a great deal of data was stolen during this intrusion, though the company states it quickly disconnected its servers, added protections, and hired cyber experts to conduct an investigation. The investigation determined that some personal and health-related data could have been stolen in this attack.
What Information Was Viewed or Stolen?
A great deal of health and personal data was taken during this data breach. The attackers were able to take health account numbers, doctor's names, Social Security numbers, prescription details, child patient names, and more. This data could be used for identity theft in some instances.
How Did ARx Admit to the Breach?
ARx didn't send a notice to the Maine Attorney General's office until July 3. The company admits that it suffered a security breach in 2022, so it's odd that it took so long to disclose details about the breach. ARx hasn't provided any information about why it waited so long to inform the public, but the extended wait has put users at more risk because the company never sent notification letters to the involved individuals until June 30, 2023. ARx claims that it doesn't suspect any of the information collected will be misused, but that seems unlikely.
What Will Become of the Stolen Information?
We have no way of knowing how the attackers will use the ARx data taken, but it's possible the information will be used for identity theft attacks or resold for a profit. Either way, if you are involved, you are at risk of having your credit ruined and new accounts opened in your name. It's also possible the data collected will be used for more convincing phishing attacks. If you receive text messages, emails, and other forms of communication requesting personal data from you, don't provide any personal details to these individuals.
What Should Affected Parties Do in the Aftermath of the Breach?
If you receive a notice from ARx about the breach, you should immediately use the provided credit monitoring and identity theft protection services offered in the letter. These services will help you watch for any strange changes. You should also take out credit reports from all the bureaus and look for odd changes that have already occurred so you can dispute them. ARx waited an extended period to inform anyone about this breach, which means your accounts could have already been compromised.