US pharmacy chain Rite Aid stated it skilled a “restricted cybersecurity incident” that affected a few of its methods in June.
A Rite Aid spokesman stated in an announcement that the corporate is finalizing its investigation into the incident, calling it a “high precedence.”
“We are working with specialists from our third-party cybersecurity companions to revive our methods, which at the moment are totally operational, and we’re sending notifications to affected customers,” the spokesperson stated.
He added that Social Security numbers, monetary data and affected person data weren’t affected by the assault.
The assault on Rite Aid got here to mild this week when the RansomHub ransomware group claimed to have attacked the corporate. In a darkish net submit, the cybercriminals stated that they had stolen 10 gigabytes of information, together with buyer data resembling ID numbers and Rite Aid loyalty factors numbers.
The Philadelphia-based firm declined to reply additional questions, together with whether or not ransomware was concerned within the incident, what knowledge was accessed or whether or not a ransom was paid.
Rite Aid is without doubt one of the largest drugstore chains within the United States, with greater than 1,700 shops in 16 states. The firm reported gross sales of $5.7 billion final quarter however filed for chapter in October amid federal lawsuits over the opioid disaster.
Ransomhub, which made headlines earlier this 12 months for storing knowledge stolen from a subsidiary of insurance coverage large UnitedHealth Group, stated it was in negotiations with Rite Aid earlier than the corporate misplaced contact with it. The group had threatened to leak the stolen knowledge if the ransom wasn’t paid by a July 24 deadline.
The firm additionally filed breach notices with California regulators in 2015, 2017 and 2018.
The well being care business has been hit by a spate of cyber incidents this 12 months, with assaults on UnitedHealth Group and a number of other different main gamers within the business rekindling requires federal cyber regulation of the sector.
Sen. Mark R. Warner (D-VA) on Friday despatched a letter to HHS Secretary Xavier Becerra and Vice President for National Security Affairs Anne Neuberger urging them to shortly announce necessary minimal cyber requirements for the healthcare sector.
“More necessary than the financial threat that cyber assaults pose to the healthcare sector is the vulnerability of sufferers’ entry to care and their private medical data. Simply put, poor cybersecurity measures put individuals’s lives in danger,” he stated, including that cybersecurity is a “affected person security difficulty.”
“The dangers are too nice and voluntary established order just isn’t working, particularly on the subject of well being staff who’re systemically necessary to our nations and areas.”
Where can I get extra data?
Recorded Future
Intelligence Cloud.
study extra.
Source hyperlink