Back to Blog
high severity March 31, 2026 · scope unconfirmed

MC-Rx Listed by genesis Ransomware Group

Formerly MC-21 and ProCare PBM

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed March 31, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On March 31, 2026, pharmacy benefit management company MC-Rx appeared on the leak site of the Genesis ransomware group, with attackers claiming to have exfiltrated internal files from the organization formerly known as MC-21 and ProCare PBM.

Confirmed Details of the Breach

Public reporting indicates the incident involves a ransomware attack in which Genesis operators say they stole internal company files. The exact number of people affected remains unknown, and the precise data types have not been fully detailed in available listings. The company provides pharmacy benefit management services, handling prescription drug coverage for insurers, employers, and patients. As of the listing date, March 31, 2026, the files were posted on the Genesis leak site hosted on the dark web.

Why This Matters for You and Your Family

When a pharmacy benefit manager is breached, the information at risk often includes prescription records, insurance details, Social Security numbers, addresses, and payment information tied to your health coverage. This kind of personal health and financial data can be used to commit identity theft, file fraudulent claims, or target you with highly personalized scams. For families, a single breach can expose every household member listed on the same insurance plan, including children. Once your information is loose on criminal forums, it rarely disappears and can resurface years later.

The Doxxing and Identity-Chain Risks

Credential leaks and internal files from healthcare vendors frequently cascade into larger doxxing campaigns. Attackers combine exposed emails, phone numbers, and policy details with data from other breaches to map your online handles to your real identity. This chain can lead to account takeovers on email, banking, or social media, and in some cases extends to gaming accounts where children use family email addresses or shared phones. Public reporting shows these identity chains accelerate harassment, swatting, and extortion once a clear link between your digital life and physical address is established.

Genesis Ransomware Group Track Record

Public reporting attributes the attack to the Genesis ransomware group, which emerged several years ago and has targeted organizations across multiple sectors. The group is known for its double-extortion playbook: it first exfiltrates data, then encrypts systems, and finally pressures victims by threatening to publish stolen files on its leak site if ransom demands are not met. Notable prior victims have included companies in healthcare, technology, and professional services, according to listings tracked by ransomware monitoring services.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity so you can break the chains before criminals exploit them.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information appears it is caught and addressed in hours rather than months.
  • Rotate any password you used at MC-Rx or its predecessor companies wherever it has been reused, and switch to 2FA using an authenticator app instead of SMS.
  • Cover the entire household with DoxxScan family protection that extends to dependents and children's gaming accounts that often chain back to the same addresses and emails.
  • Let remediation specialists handle takedown requests across data brokers and exposed records so you do not have to negotiate with each site yourself.

The incident is a reminder that healthcare vendors hold some of the most sensitive details about your daily life, and a single listing on a ransomware site can put your family in the crosshairs for months or years. Start your DoxxScan trial and let its continuous monitoring, AI-powered identity-chain mapping, hands-on remediation by specialists, and household coverage—including children's gaming accounts—work on your behalf. DoxxScan by GalaxyWarden gives ordinary families the same early warning and cleanup capabilities once reserved for large organizations.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.