Rite Aid Ransomware Attack by RansomHub Affects 2.2 Million Customers

Incident Date: Jul 12, 2024

Attack Overview

VICTIM

Rite-Aid

INDUSTRY

Healthcare Services

LOCATION

USA

ATTACKER

Ransomhub

FIRST REPORTED

July 12, 2024

Request Removal

RansomHub Ransomware Attack on Rite Aid

Overview of Rite Aid

Rite Aid is a prominent American pharmacy chain, founded in 1962, that operates retail drugstores across the United States. The company offers a wide range of health and wellness services, including pharmaceutical services, over-the-counter medications, and various health and beauty products. Rite Aid is publicly traded on the New York Stock Exchange under the ticker symbol RAD and reported a sales volume of $24.6 billion in 2022. The company employs approximately 50,000 people and is headquartered in Camp Hill, Pennsylvania.

Details of the Ransomware Attack

In June 2024, Rite Aid fell victim to a ransomware attack by the group RansomHub, affecting 2.2 million people. The breach involved unauthorized access detected within 12 hours after hackers impersonated an employee on June 6. Although no Social Security numbers, financial data, or patient information were compromised, RansomHub claimed to have stolen 10 gigabytes of data, including customer names, addresses, and other personal details from transactions between June 6, 2017, and July 30, 2018. Rite Aid has notified the affected customers and is offering them free credit monitoring and identity protection for 12 months.

About RansomHub

RansomHub is a relatively new ransomware group believed to have roots in Russia. Operating as a Ransomware-as-a-Service (RaaS) group, affiliates receive 90% of the ransom money, with the remaining 10% going to the main group. RansomHub's ransomware strains are written in Golang, a trend in the ransomware world. The group has targeted various countries, including the US, Brazil, Indonesia, and Vietnam, with healthcare-related institutions being among the listed victims.

Penetration and Impact

RansomHub likely penetrated Rite Aid's systems by impersonating an employee, a common tactic in social engineering attacks. The rapid detection of unauthorized access within 12 hours suggests that Rite Aid had some level of monitoring in place. However, the breach still resulted in the theft of significant customer data. This incident has added to Rite Aid's challenges, including ongoing federal lawsuits and a previous data breach, prompting renewed calls for enhanced cybersecurity regulations in the healthcare sector.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.