SCOTTSBORO, Ala. — American Associated Pharmacies (AAP) joins the ever-expanding list of U.S. healthcare organizations that have experienced a data breach as the result of a ransomware attack.
The Embargo ransomware group has claimed responsibility for the attack, allegedly stealing 1.469 TB of AAP’s data, reports the Register. AAP’s files have been scrambled, and Embargo has demanded payment so the information can be restored.
Check Point is reporting that AAP paid the cyber criminals $1.3 million for decryption and now faces another $1.3 million demand to prevent exposure of its data.
Related Article: Ransomware Attack Forces Texas Level 1 Trauma Center to Divert Patients
Although the company has not admitted to the breach, AAP did post on its website that, “All user passwords associated with both APIRx.com and RxAAP.com have been reset, so existing credentials will no longer be valid to access the sites. Please click “forgot password” on the log in screen and follow the prompts accordingly to reset your password.” Additionally, the company said, “Limited ordering capabilities for API Warehouse have been restored at APIRx.com.”
AAP manages more than 2,000 pharmacies across the U.S.
New Ransomware Group Targeted AAP
The Embargo ransomware group is relatively new, only emerging this summer, reports HIPAA Journal. TechRadar reports that the ransomware group uses “endpoint detection and response (EDR) killing tools to drop its payload.” It also uses a “Rust-based” ransomware kit.
AAP’s troubles follow many other healthcare companies, like Change Healthcare, Henry Schein, and CommonSpirit, that have been the victims of ransomware gangs.
Related Article: 2,000 Critical Access Hospitals to Receive Free Cybersecurity Services
One of the ransomware groups responsible for this spring’s massive attack on Change Healthcare leaked the company’s data despite Change Healthcare paying a ransom of $22 million. One cybersecurity expert estimated some healthcare providers lost $100 million per day because of that particular attack.
The Change Healthcare event was so severe that the U.S. Department of Health and Human Services sent a letter to U.S. healthcare leaders urging quick identification and implementation of solutions to ransomware incidents.