VectraRx Mail Pharmacy Services has disclosed a data breach that exposed sensitive health information of 109,383 individuals, including prescription details and Social Security numbers.
On December 13, 2024, VectraRx detected unusual activity in its computer systems. A subsequent investigation by third-party cybersecurity experts confirmed unauthorized access to the company's network, potentially allowing attackers to view and copy sensitive patient data.
On February 6, 2025, the Arizona-based mail-order pharmacy filed notices with the Texas Attorney General and the U.S. Department of Health and Human Services Office for Civil Rights. The company has begun mailing notification letters to affected individuals.
The compromised data includes highly sensitive information such as names, Social Security numbers, dates of birth, prescription numbers and details, and dates of service. This type of comprehensive medical and personal information could put patients at risk for both identity theft and healthcare fraud.
VectraRx has not disclosed when the unauthorized access began or how long it lasted. The company is offering affected individuals between 12 and 24 months of complimentary credit monitoring and identity theft restoration services.
Multiple law firms, including Levi & Korsinsky, have announced investigations into the breach to determine potential compensation for affected individuals. The firms are evaluating whether VectraRx may be held liable for failing to secure personal data.
The breach exposed names, Social Security numbers, dates of birth, prescription information, and dates of service. The specific data varies by individual.
Those who receive notification letters should enroll in the offered credit monitoring services and carefully monitor their financial and medical statements for suspicious activity.
VectraRx is mailing notification letters to all affected individuals with details about their specific exposure and instructions for credit monitoring enrollment.