A ransomware attack by Embargo has allegedly targeted American Associated Pharmacies (AAP). The attackers claim that AAP paid $1.3 million to regain access to its encrypted systems. They now demand an additional payment of the same amount to avoid disclosing 1.5TB of stolen data.
What happened
American Associated Pharmacies (AAP) has reportedly become the latest healthcare organization in the United States to suffer a significant ransomware attack. The group behind the breach, known as Embargo, claims to have encrypted AAP’s systems and stolen nearly 1.5TB of sensitive data.
AAP’s response has been limited so far, with the company resetting user passwords for its platforms, APIRx.com and RxAAP.com. The attack mirrors recent incidents affecting healthcare entities like Change Healthcare and CommonSpirit, demonstrating the ongoing vulnerability of the sector to cyber threats.
While details about the stolen data remain scarce, past healthcare breaches suggest the information could include highly sensitive documents, such as patient records, financial information, or intellectual property.
Read also: The biggest healthcare data breaches
In the know
Embargo, a relatively new ransomware group first identified by ESET in June 2024, has gained notoriety for using rust-based ransomware kits. The group claims AAP paid $1.3 million to decrypt its files, but it now demands an additional $1.3 million to prevent the stolen data from being leaked online.
What was said
AAP has not released an official statement about the ransomware attack beyond notifying users about password resets. According to Tech Radar, the company said: “All user passwords associated with both APIRx.com and RxAAP.com have been reset, so existing credentials will no longer be valid to access the sites. Please click ‘forgot password’ on the login screen and follow the prompts accordingly to reset your password.”
The attackers, however, have been vocal. Embargo claims it holds critical AAP data and asserts the company already paid to regain access to its systems. Their demand for an additional payment raises concerns about the group’s intentions and reliability.
See also: HIPAA Compliant Email: The Definitive Guide
Why it matters
American Associated Pharmacies joins a long list of healthcare organizations grappling with the fallout of ransomware attacks. As Embargo threatens to release stolen data unless further payments are made, the incident underscores the importance of stronger cybersecurity frameworks in the healthcare industry. Whether AAP can mitigate the damage remains to be seen, but the attack has already exposed the company to significant risks and uncertainties.
See also: OCR releases ransomware prevention guidance
FAQs
What is a ransomware attack?
A ransomware attack is a type of cyberattack where malicious software encrypts a victim’s data or systems, rendering them inaccessible. The attackers then demand a ransom payment, often in cryptocurrency, in exchange for a decryption key or to prevent the release of stolen data.
What should I do if I suspect a ransomware attack?
- Disconnect affected devices from the network to prevent further spread.
- Do not pay the ransom; there is no guarantee the attackers will restore your data.
- Contact your IT team or a cybersecurity expert immediately.
- Report the attack to law enforcement or a cybersecurity authority, such as the FBI or CISA.
- Restore systems from backups if available.
Can ransomware attacks be prevented?
While no method offers 100% protection, you can reduce the risk by:
- Implementing strong, regularly updated cybersecurity measures.
- Training employees on phishing and other cyber threats.
- Keeping software and systems up to date with the latest security patches.
- Using multi-factor authentication (MFA) to protect accounts.
- Maintaining regular, secure backups of critical data.
Tshedimoso Makhene
