RansomHub’s Cyberattack on Rite Aid

Rite Aid, the third biggest pharmacy company based in Philadelphia with over 2,000 U.S. stores, reported a cyberattack in June that potentially compromised customers’ protected health information (PHI). The breach investigation and incident response by third-party cybersecurity experts are almost complete. All breached systems have been recovered and are 100% operational. The analysis of the compromised files is also nearly done. Rite Aid has already announced that it is beginning to send individual breach notification letters.

Rite Aid has not yet reported the number of individuals impacted or the precise types of data exposed in the incident. However, Rite Aid stated that the cybersecurity incident has a limited impact. No Social Security numbers, health data or financial data were affected. Rite Aid has not yet reported which ransomware group conducted the attack, but the RansomHub group claimed it was behind the incident.

RansomHub stated that 10GB of information was stolen during the attack, including approximately 45 million lines of personal information such as names, Rite Aid rewards numbers, addresses, birth dates, and ID numbers. RansomHub said that Rite Aid tried to negotiate but stopped all communications when the negotiations were about to reach the final stages. RansomHub therefore threatened to publish the stolen information on its data leak site if the ransom is not paid by July 26, 2024.

RansomHub is a new ransomware group that appeared in February 2024. It is very active in conducting attacks and recruiting affiliates, such as the Scattered Spider cybercrime group. RansomHub is also known to have extorted Change Healthcare after claiming that it possessed the data that the then Blackcat ransomware group affiliate stole during the February 2024 ransomware attack. A recent attack by the group involved the Florida Department of Health. Because the ransom was not paid, the group leaked the data exfiltrated during the attack.

This is not Rite Aid’s first cybersecurity incident. In May 2023, the company was also affected by the MOVEit hacking campaign planned by the Cl0p ransomware group. More than 24,000 customers’ personally identifiable information, such as insurance and medication details, was exposed in that incident.

Regarding the current breach, system operations have been restored with the help of cybersecurity experts. Affected individuals can call company support at 866-810-8094 for more information or with other concerns. The number will be available until October 15, 2024, from 8 a.m. to 5:30 p.m. Central time. With cyber threats increasing, Rite Aid and other impacted companies are upgrading their cybersecurity measures to avoid potential breaches and secure consumer information from threat actors.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of the HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. You can follow Elizabeth on Twitter at https://twitter.com/ElizabethHzone