American Addiction Centers Hit by Rhysida Ransomware Attack

Incident Date: Nov 16, 2024

Attack Overview
Victim: American Addiction Centers (AAC)
Industry: Agriculture
Location: USA
Attacker: Rhysida
First Reported: November 16, 2024

Ransomware Attack on American Addiction Centers by Rhysida Group

American Addiction Centers (AAC), a leading provider of substance abuse treatment services in the United States, has fallen victim to a ransomware attack orchestrated by the notorious Rhysida group. The breach, discovered on November 18, 2024, has raised significant concerns due to the sensitive nature of the data potentially compromised.

About American Addiction Centers

Founded in 2007, AAC operates a comprehensive network of rehabilitation facilities across eight states, including California, Florida, Texas, and Massachusetts. The organization specializes in evidence-based treatments for drug and alcohol addiction, as well as co-occurring mental health disorders. AAC is distinguished by its holistic approach to addiction treatment, emphasizing individualized care plans and a high staff-to-patient ratio. With a workforce of 1,001 to 5,000 employees, AAC generates approximately $150 million in revenue annually, primarily through its treatment services.

Attack Overview

The Rhysida ransomware group claims to have exfiltrated data from AAC, although the exact volume of compromised information remains undisclosed. Given AAC's role in handling sensitive patient data, the breach poses a significant threat to privacy and operational continuity. The attack underscores the vulnerabilities faced by organizations in the healthcare sector, where data sensitivity and service disruptions can have severe consequences.

About Rhysida Ransomware Group

Emerging in May 2023, Rhysida has quickly established itself as a formidable player in the Ransomware-as-a-Service (RaaS) ecosystem. The group is known for targeting high-value sectors such as healthcare, education, and government, employing tactics that include phishing and exploiting VPN vulnerabilities. Rhysida's double extortion model, which involves demanding ransoms both for decrypting data and for not releasing it publicly, places immense financial pressure on victims.

Potential Vulnerabilities

Rhysida's attack on AAC likely exploited vulnerabilities in the organization's network, potentially through phishing or VPN exploitation. The group's use of "living-off-the-land" tactics, which involve leveraging legitimate system tools to evade detection, further complicates defense efforts. AAC's reliance on sensitive patient data makes it an attractive target for ransomware groups seeking high-impact outcomes.
