Furthermore, this cyber attack has raised concerns about the security of confidential data entrusted to the pharmacy, challenging its reputation for customer welfare and data protection. The breach included critical data such as Social Security Numbers, posing a substantial threat to affected individuals, although Allcare Pharmacy has not yet issued a formal response or statement regarding the incident.
Additionally, the Lorenz ransomware group has claimed responsibility for the attack, adding Allcare Pharmacy to its list of victims. This group has a history of targeting high-profile organizations since 2021 and has employed sophisticated tactics. The healthcare sector has increasingly become a prime target for cybercriminals, with healthcare organizations facing a staggering 1,426 attacks per week in 2022, marking a 60% surge from the previous year.
At the same time, the cost of data breaches in the healthcare industry has risen by 42%, averaging $10.10 million per incident. Ransomware attacks, particularly those by groups like Lorenz, have proven to be a significant threat, with a focus on double extortion tactics, demanding ransoms ranging from $500,000 to $700,000 for data release.
Despite seemingly modest ransom demands, the consequences of such attacks can be devastating, especially for smaller businesses. The Lorenz ransomware group’s origins trace back to the .sZ40 ransomware discovered in October 2020, and it has left a trail of victims by targeting English-speaking countries. The group’s persistent and adaptable tactics have made it a notable threat in the cybersecurity landscape, highlighting the urgent need for enhanced data security measures in the healthcare sector to protect patient privacy and prevent such cyberattacks.