A Ransomware Attack Affects American Associated Pharmacies

EMR Industry

These hacks on significant healthcare organizations should serve as a reminder to clinical labs and anatomic pathology groups to strengthen their cybersecurity defenses.

Public health records, including data from clinical laboratory tests, are still being accessed by hackers, endangering the protected health information (PHI) of thousands of individuals. American Associated Pharmacies (AAP) is the most recent significant healthcare organization to fall prey to a ransomware attack. The Register reports that the AAP declared that more than 1.4 terabytes (TB) of data had been taken by a ransomware operation known as Embargo, which then encrypted the files and demanded $1.3 million to restore them.

According to Embargo, AAP, located in Scottsboro, Alabama, spent $1.3 million to have its systems fixed. Embargo is now requesting an extra $1.3 million to protect the stolen data. According to the HIPAA Journal, “The attack follows ransomware attacks on Memorial Hospital and Manor, an 80-bed community hospital and 107 long-term care facility in Georgia, and Weiser Memorial Hospital, a critical access hospital in Idaho.”

AAP has not released an official statement on the hack or officially acknowledged the ransomware attack. However, it did publish an “Important Notice” on its website stating that “APIRx.com now has limited ordering capabilities for API Warehouse again.”

Through wholesale purchasing programs, API Warehouse, a division of AAP, assists members in saving money on both brand-name and generic prescription drugs. It has more than 2,500 stock keeping units (SKUs) in its inventory and manages more than 2,000 independent pharmacies around the United States.

“All user passwords associated with both APIRx.com and RxAAP.com have been reset, so existing credentials will no longer be valid to access the sites,” the notice adds. To reset your password, please select “forgot password” from the log-in screen and adhere to the instructions.

“Embargo does not appear to be concentrating on a particular victim profile and appears to have victims from a variety of countries and industries. They seem opportunistic,” Mike Hamilton, the founder and chief information security officer (CISO) of the cybersecurity company Critical Insight, told HealthcareInfoSecurity. “They should not be disregarded, nevertheless, because they do have a number of victims in the medical field and have highly advanced tools to thwart detection. We may anticipate that others will utilize their resources and infrastructure if they do, in fact, operate through affiliates, and Embargo might become a major danger to the healthcare industry.” Laboratory patients are especially at risk because clinical laboratory test data comprise 80% of all medical records.

Embargo on the PHI Hunt

Because of the volume of data that Embargo took from the AAP servers, it’s probable that the hackers were able to obtain account information and medical records from every client of the pharmacies that were part of the attack.

In June of this year, researchers at the internet security firm ESET discovered the Embargo ransomware group. ESET claimed in a press release that Embargo stole AAP’s data using an endpoint detection and response (EDR) killing toolset.

Embargo appears to be a well-resourced organization based on its methods of operation. In order to communicate with victims, it establishes its own infrastructure. Additionally, the gang uses double extortion to coerce victims into paying: the operators not only encrypt victims’ personal data but also exfiltrate it and threaten to post it on a leak website, according to a news release from ESET.

Recently, Embargo also targeted other healthcare-related businesses. It took credit for breaking into Memorial Hospital and Manor in Bainbridge, Georgia, in November. According to The Cyber Express, Memorial had to switch to a paper-based system as a result of the intrusion that compromised its email and electronic health record (EHR) systems.

About 200 terabytes (GB) of private information were stolen during Embargo’s attack on Weiser Memorial Hospital in Weiser, Idaho, which also resulted in a four-week computer system outage.

Additional Cyberattacks Targeting Healthcare Institutions

Over the previous few years, Dark Daily has published numerous ebriefs covering many cyberattacks against hospital health systems.

We outlined how Ascension’s inability to access medical information during the attack resulted in significant interruptions to patient care in “Cyberattack Renders Healthcare Providers across Ascension’s Hospital Network Unable to Access Medical Records Endangering Patients.” The complete restoration of Ascension’s electronic health record system took almost a month.

The February cyberattack on Change Healthcare prompted its parent company, UnitedHealth Group, to submit a Material Cybersecurity Incidents Report (form 8-K) to the US Securities and Exchange Commission (SEC), stating that it had “identified a suspected nation-state associated cybersecurity threat actor [that] had gained access to some of the Change Healthcare information technology systems,” according to Dark Daily’s article, “Change Healthcare Cyberattack Disrupts Pharmacy Order Processing for Healthcare Providers Nationwide.”

According to Reuters, the threat actor’s true identity was discovered a few days later to be a ransomware organization called BlackCat (also known as ALPHV).

Additionally, in “Continued Cyberattacks on Hospitals, Clinical Laboratories, and Other Providers Cause Closures as Hackers Grow in Sophistication,” we detailed how hospitals of all sizes are still frequently the target of sophisticated cyberattacks in which hackers remotely take down computer systems within a healthcare network, including the clinical laboratory information system (LIS), and demand ransomware payments.

Protecting patient information is essential, and more healthcare institutions are learning the hard way that they are susceptible to cyberattacks. Managers of clinical laboratories and pathology groups are once again reminded by this circumstance to take aggressive measures to safeguard their information systems and to regularly upgrade their digital security.

Patients are constantly at risk of having their confidential records stolen since hackers are working hard to gain access to protected health information.