Ransomware Attack on Allcare Medical Management Inc. by LockBit 3.0

Incident Date: May 16, 2024

Attack Overview

VICTIM

Allcare Medical Management Inc.

INDUSTRY

Healthcare Services

LOCATION

USA

ATTACKER

Lockbit

FIRST REPORTED

May 16, 2024

Request Removal

Ransomware Attack on Allcare Medical Management Inc. by LockBit 3.0

Victim Overview

Allcare Medical Management Inc. (AMMI) is a leading provider of practice management solutions for medical practices. Founded in 2005, AMMI aims to streamline business processes in modern-day medical practices. The company, headquartered in San Bernardino, California, employs approximately 427 staff members and generated revenue of $6.1 million. AMMI offers services such as reducing office expenses, billing management, accounts receivable, practice management, electronic health records, payroll, and bookkeeping. The company's commitment to excellence and execution has led to industry-leading associate and client retention rates.

Company Profile

Allcare operates in the Healthcare Services sector, providing medical supplies and equipment to healthcare professionals and individuals. The company stands out in the industry due to its focus on improving medical practice efficiency through seamless solutions.

Attack Overview

The company recently fell victim to a cybercrime attack by LockBit 3.0. The attacker targeted the company's website using ransomware to encrypt its data. This attack was likely intended to extort a ransom from the victim for the decryption of the data.

Ransomware Group Details

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that evolved from the LockBit ransomware group. LockBit 3.0 is considered one of the most dangerous and disruptive ransomware threats currently active. It encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. The ransomware is heavily obfuscated and protected against analysis, making it challenging for security researchers to study. LockBit 3.0 has advanced features like lateral movement through networks and self-covering tracks, making it more evasive and modular than previous variants.

Company Vulnerabilities

The attacked company may have been targeted by threat actors due to its position in the healthcare industry, where data security and patient privacy are paramount. The company's extensive client base and financial transactions could have made it an attractive target for ransomware attacks. Additionally, the nature of AMMI's services, which involve managing sensitive medical and financial data, could have exposed vulnerabilities that threat actors exploited to carry out the attack.

Sources:

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.