A ransomware attack by Embargo has allegedly targeted American Associated Pharmacies (AAP). The attackers claim that AAP paid $1.3 million to regain access to its encrypted systems. They now demand an additional payment of the same amount to avoid disclosing 1.5TB of stolen data.
American Associated Pharmacies (AAP) has reportedly become the latest healthcare organization in the United States to suffer a significant ransomware attack. The group behind the breach, known as Embargo, claims to have encrypted AAP’s systems and stolen nearly 1.5TB of sensitive data.
AAP’s response has been limited so far, with the company resetting user passwords for its platforms, APIRx.com and RxAAP.com. The attack mirrors recent incidents affecting healthcare entities like Change Healthcare and CommonSpirit, demonstrating the ongoing vulnerability of the sector to cyber threats.
While details about the stolen data remain scarce, past healthcare breaches suggest the information could include highly sensitive documents, such as patient records, financial information, or intellectual property.
Embargo, a relatively new ransomware group first identified by ESET in June 2024, has gained notoriety for using Rust-based ransomware kits. The group claims AAP paid $1.3 million to decrypt its files, but it now demands an additional $1.3 million to prevent the stolen data from being leaked online.
AAP has not released an official statement about the ransomware attack beyond notifying users about password resets. According to TechRadar, the company said: “All user passwords associated with both APIRx.com and RxAAP.com have been reset, so existing credentials will no longer be valid to access the sites. Please click ‘forgot password’ on the login screen and follow the prompts accordingly to reset your password.”
The attackers, however, have been vocal. Embargo claims it holds critical AAP data and asserts the company already paid to regain access to its systems. Their demand for an additional payment raises concerns about the group’s intentions and reliability.
American Associated Pharmacies joins a long list of healthcare organizations grappling with the fallout of ransomware attacks. As Embargo threatens to release stolen data unless further payments are made, the incident underscores the importance of stronger cybersecurity frameworks in the healthcare industry. Whether AAP can mitigate the damage remains to be seen, but the attack has already exposed the company to significant risks and uncertainties.
A ransomware attack is a type of cyberattack where malicious software encrypts a victim’s data or systems, rendering them inaccessible. The attackers then demand a ransom payment, often in cryptocurrency, in exchange for a decryption key or to prevent the release of stolen data.
While no method offers 100% protection, you can reduce the risk by: