/

CVS Data Breach: What & How It Happened?

CVS Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In March 2021, CVS Health faced a data breach where several records were unintentionally exposed online. The exposed data included various customer details. Another incident occurred in April 2024, when a hacking group claimed to have stolen data related to CVS Caremark and Medicare during a cyberattack. Additionally, in the same month, CVS Group experienced a cyberattack that disrupted operations and potentially compromised personal information.

How many accounts were compromised?

The breaches collectively impacted data related to over 1 billion individuals.

What data was leaked?

The data exposed in the breaches included customer email addresses, user IDs, customer searches on CVS Pharmacy websites for COVID-19 vaccines and other medications, CVS Caremark and Medicare data, and potentially compromised personal information.

How was CVS hacked?

In the CVS Health breach, unprotected databases led to the accidental exposure of over 1 billion search records. In the UnitedHealth Group's Change Healthcare cyberattack, a hacking gang called notchy claimed to have stolen data, including CVS Caremark and Medicare information. The methods used in the CVS Group veterinary services provider attack remain unclear, but it caused operational disruptions and potentially compromised personal information.

CVS's solution

In response to the hacking incidents, CVS Health and CVS Group took several measures to enhance security and prevent future breaches. CVS Health worked with the vendor to quickly take the exposed database down and addressed the issue with the vendor to prevent a recurrence. CVS Group, on the other hand, increased levels of security and monitoring, and plans to migrate its IT infrastructure to the cloud to improve service security and operational efficiency. Both companies engaged with third-party specialists to investigate the attacks and informed relevant authorities as personal information might have been compromised.

How do I know if I was affected?

CVS Health and CVS Group have not explicitly mentioned reaching out to affected users in the reported breaches. If you believe you may have been affected, you can visit Have I Been Pwned to check if your email has been compromised in a data breach.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

For more specific help and instructions, please contact CVS support directly.

Where can I go to learn more?

If you want to find more information on the CVS data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVS Data Breach: What & How It Happened?

CVS Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In March 2021, CVS Health faced a data breach where several records were unintentionally exposed online. The exposed data included various customer details. Another incident occurred in April 2024, when a hacking group claimed to have stolen data related to CVS Caremark and Medicare during a cyberattack. Additionally, in the same month, CVS Group experienced a cyberattack that disrupted operations and potentially compromised personal information.

How many accounts were compromised?

The breaches collectively impacted data related to over 1 billion individuals.

What data was leaked?

The data exposed in the breaches included customer email addresses, user IDs, customer searches on CVS Pharmacy websites for COVID-19 vaccines and other medications, CVS Caremark and Medicare data, and potentially compromised personal information.

How was CVS hacked?

In the CVS Health breach, unprotected databases led to the accidental exposure of over 1 billion search records. In the UnitedHealth Group's Change Healthcare cyberattack, a hacking gang called notchy claimed to have stolen data, including CVS Caremark and Medicare information. The methods used in the CVS Group veterinary services provider attack remain unclear, but it caused operational disruptions and potentially compromised personal information.

CVS's solution

In response to the hacking incidents, CVS Health and CVS Group took several measures to enhance security and prevent future breaches. CVS Health worked with the vendor to quickly take the exposed database down and addressed the issue with the vendor to prevent a recurrence. CVS Group, on the other hand, increased levels of security and monitoring, and plans to migrate its IT infrastructure to the cloud to improve service security and operational efficiency. Both companies engaged with third-party specialists to investigate the attacks and informed relevant authorities as personal information might have been compromised.

How do I know if I was affected?

CVS Health and CVS Group have not explicitly mentioned reaching out to affected users in the reported breaches. If you believe you may have been affected, you can visit Have I Been Pwned to check if your email has been compromised in a data breach.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

For more specific help and instructions, please contact CVS support directly.

Where can I go to learn more?

If you want to find more information on the CVS data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVS Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In March 2021, CVS Health faced a data breach where several records were unintentionally exposed online. The exposed data included various customer details. Another incident occurred in April 2024, when a hacking group claimed to have stolen data related to CVS Caremark and Medicare during a cyberattack. Additionally, in the same month, CVS Group experienced a cyberattack that disrupted operations and potentially compromised personal information.

How many accounts were compromised?

The breaches collectively impacted data related to over 1 billion individuals.

What data was leaked?

The data exposed in the breaches included customer email addresses, user IDs, customer searches on CVS Pharmacy websites for COVID-19 vaccines and other medications, CVS Caremark and Medicare data, and potentially compromised personal information.

How was CVS hacked?

In the CVS Health breach, unprotected databases led to the accidental exposure of over 1 billion search records. In the UnitedHealth Group's Change Healthcare cyberattack, a hacking gang called notchy claimed to have stolen data, including CVS Caremark and Medicare information. The methods used in the CVS Group veterinary services provider attack remain unclear, but it caused operational disruptions and potentially compromised personal information.

CVS's solution

In response to the hacking incidents, CVS Health and CVS Group took several measures to enhance security and prevent future breaches. CVS Health worked with the vendor to quickly take the exposed database down and addressed the issue with the vendor to prevent a recurrence. CVS Group, on the other hand, increased levels of security and monitoring, and plans to migrate its IT infrastructure to the cloud to improve service security and operational efficiency. Both companies engaged with third-party specialists to investigate the attacks and informed relevant authorities as personal information might have been compromised.

How do I know if I was affected?

CVS Health and CVS Group have not explicitly mentioned reaching out to affected users in the reported breaches. If you believe you may have been affected, you can visit Have I Been Pwned to check if your email has been compromised in a data breach.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

For more specific help and instructions, please contact CVS support directly.

Where can I go to learn more?

If you want to find more information on the CVS data breach, check out the following news articles: