On June 3, Catholic Health was notified by a third-party pharmaceutical software vendor, CaptureRx, of a data breach that impacted patients from Mount St. Mary’s and Sisters of Charity hospitals along with other local and national healthcare providers. The breach involved patient information, including name, date of birth, and prescription data, from files that were accessed on February 6, 2021. No other identifying information such as demographic, social security number or bank account information was included in the data breach.

CaptureRx immediately began an investigation into this activity and worked quickly to assess the security of its systems, conducting a thorough review of the files to determine whether sensitive information was present at the time of the incident. On or around March 19, 2021, CaptureRx confirmed that private information was compromised.

Since making its discovery, CaptureRx has notified its business partners of the data breach. As part of its ongoing commitment to information security, all policies and procedures are being reviewed and enhanced. Additional workforce training is being conducted to reduce the likelihood of a similar event in the future. To date, the investigation has found no evidence of actual or attempted misuse of this information as a result of this incident.

“We go to great lengths to protect the privacy of our patients and any information related to their care,” said Kimberly Whistler, Catholic Health Corporate Compliance & Privacy Officer. “All patients whose names and information were affected will be notified next week by CaptureRx. Because the breach did not include any financial information, we believe it poses little risk to patients, however, as a precaution, it’s always wise to monitor your accounts and credit information and report any suspicious activity or suspected identify theft to the proper authorities.”

CaptureRx, a healthcare IT company based in San Antonio, Texas, provides services to help healthcare systems manage pharmaceuticals related to Medicaid and other programs. Individuals who have any questions related to this data breach, should call (toll free) 855-654-0919, Monday through Friday, from 9 a.m. to 9 p.m.