Another major US healthcare organization has been hacked, with potentially major consequences

American Associated Pharmacies allegedly fell prey to a ransomware attack
The attackers are saying the company paid for the decryptor
The group is asking for more money, to keep the stolen files private

American Associated Pharmacies (AAP) is joining the ever-growing list of American healthcare organizations to have suffered a ransomware attack.

Following the likes of Change Healthcare, Henry Schein, CommonSpirit, and many others, AAP appaears to have suffered the classic double whammy – having its sensitive data stolen, and its systems encrypted.

A report from The Register claims the company is yet to make an official statement regarding the attack, having only force-reset passwords for all of its users, and notify them of the change.

Say hi to Embargo

“All user passwords associated with both APIRx.com and RxAAP.com have been reset, so existing credentials will no longer be valid to access the sites,” the company said in a short announcement. “Please click ‘forgot password’ on the log in screen and follow the prompts accordingly to reset your password.”

At the same time, the group that assumed responsibility for the attack is called Embargo. You can be excused for not hearing about them, as they’re a relatively new group. ESET seems to be the first to spot the new actor, when it used endpoint detection and response (EDR) killing tools to drop its payload, last June. It also observed the group using a Rust-based ransomware kit.

New or not, Embargo claims to have stolen almost 1.5TB of sensitive data. It also claims that AAP paid $1.3 million to have its systems restored, and that it needs to pay an additional $1.3 million to keep the stolen files off the dark web.

We don’t know what kinds of documents Embargo stole from the company, but if the Change Healthcare attack was any indication, they could be highly classified information whose leak could lead to class-action lawsuits and regulatory pressure.

We have reached out to AAP with additional questions and will report if we hear anything back.

You might also like

Source link