CLEVELAND, Ohio (WJW) – MetroHealth hospitals says some of its patient’s personal information was accessed in a software hack of one of its vendors, CaptureRx.
In a statement from MetroHealth, it says CaptureRx “became aware of unusual activity” involving some of its electronic files.
“On February 19, 2021, the investigation determined that certain files were accessed and acquired on February 6, 2021 without authorization. The root cause of the CaptureRx data security incident was an identified vulnerability with the build server hosted by a third-party, which was then exploited. This allowed the threat actor to gain credentials that allowed access to the server. On or around March 19, 2021, CaptureRx determined that the relevant files contained patient’s first name, last name, date of birth, and prescription information.”MetroHealth statement
MetroHealth says there was no impact to its systems or patient care.
“Both CaptureRx and MetroHealth take this incident and the security of personal information very seriously,” the statement continues.
“Upon learning about this event, CaptureRx immediately changed all user passwords. Moving forward, CaptureRx is taking a number of steps to harden its existing security procedures…”
The statement says affected patients will be alerted.
If you have any questions, call CaptureRx’s toll-free dedicated assistance line at (855) 654 – 0919, Monday through Friday, 9:00 a.m. to 9:00 p.m.