MC-Rx Listed by genesis Ransomware Group
Formerly MC-21 and ProCare PBM
On March 31, 2026, pharmacy benefit management company MC-Rx appeared on the leak site of the Genesis ransomware group, with attackers claiming to have exfiltrated internal files from the organization formerly known as MC-21 and ProCare PBM.
Confirmed Details of the Breach
Public reporting indicates the incident involves a ransomware attack in which Genesis operators say they stole internal company files. The exact number of people affected remains unknown, and the precise data types have not been fully detailed in available listings. The company provides pharmacy benefit management services, handling prescription drug coverage for insurers, employers, and patients. As of the listing date, March 31, 2026, the files were posted on the Genesis leak site hosted on the dark web.
Why This Matters for You and Your Family
When a pharmacy benefit manager is breached, the information at risk often includes prescription records, insurance details, Social Security numbers, addresses, and payment information tied to your health coverage. This kind of personal health and financial data can be used to commit identity theft, file fraudulent claims, or target you with highly personalized scams. For families, a single breach can expose every household member listed on the same insurance plan, including children. Once your information is loose on criminal forums, it rarely disappears and can resurface years later.
The Doxxing and Identity-Chain Risks
Credential leaks and internal files from healthcare vendors frequently cascade into larger doxxing campaigns. Attackers combine exposed emails, phone numbers, and policy details with data from other breaches to map your online handles to your real identity. This chain can lead to account takeovers on email, banking, or social media, and in some cases extends to gaming accounts where children use family email addresses or shared phones. Public reporting shows these identity chains accelerate harassment, swatting, and extortion once a clear link between your digital life and physical address is established.
Genesis Ransomware Group Track Record
Public reporting attributes the attack to the Genesis ransomware group, which emerged several years ago and has targeted organizations across multiple sectors. The group is known for its double-extortion playbook: it first exfiltrates data, then encrypts systems, and finally pressures victims by threatening to publish stolen files on its leak site if ransom demands are not met. Notable prior victims have included companies in healthcare, technology, and professional services, according to listings tracked by ransomware monitoring services.
What to do
- Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity so you can break the chains before criminals exploit them.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information appears it is caught and addressed in hours rather than months.
- Rotate any password you used at MC-Rx or its predecessor companies wherever it has been reused, and switch to 2FA using an authenticator app instead of SMS.
- Cover the entire household with DoxxScan family protection that extends to dependents and children's gaming accounts that often chain back to the same addresses and emails.
- Let remediation specialists handle takedown requests across data brokers and exposed records so you do not have to negotiate with each site yourself.
The incident is a reminder that healthcare vendors hold some of the most sensitive details about your daily life, and a single listing on a ransomware site can put your family in the crosshairs for months or years. Start your DoxxScan trial and let its continuous monitoring, AI-powered identity-chain mapping, hands-on remediation by specialists, and household coverage—including children's gaming accounts—work on your behalf. DoxxScan by GalaxyWarden gives ordinary families the same early warning and cleanup capabilities once reserved for large organizations.
Related breaches
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →