The infamous Medusa ransomware group has reportedly executed a cyberattack on BioMatrix, a national specialty pharmacy chain based in Florida, as disclosed in a breach notice published on Medusa’s dark web portal on December 17, 2023. BioMatrix, recognized as one of America’s fastest-growing private companies in the Inc. 5000 list, appears to be facing a critical situation. The breach allegedly includes sensitive information such as CVS Health’s contract and purported patient complaints. Medusa has issued a ransom demand of USD 1,000,000 to prevent the exposure of BioMatrix’s compromised data.
Despite the cyberattack, BioMatrix’s website currently shows no immediate signs of disruption. However, the ransomware group has imposed a deadline of 10 days, 23 hours, 55 minutes, and 30 seconds from the time of the breach notice for BioMatrix to comply with their ransom demands. The pharmacy chain specializes in providing healthcare solutions, particularly for patients in Florida dealing with chronic health conditions like hemophilia, transplantation, and digital health technology. Founded in 2015, BioMatrix offers individualized pharmacy services, education, and support to its clientele.
This incident highlights the persistent threat posed by ransomware groups, emphasizing the need for heightened cybersecurity measures in the healthcare sector and other critical industries. As Medusa ransomware continues to leverage dark web breach portals to publish targeted organizations’ compromises, it underscores the urgency for companies to reinforce their cybersecurity defenses and adopt proactive strategies to mitigate the risk of data breaches and ransomware attacks.