Rite Aid confirmed that millions of customer data may have been compromised following the major ransomware attack on the American drugstore chain.
In a press release on Monday, Rite Aid disclosed the impact of the data breach on June 6, noting that the hackers stole purchasers' names, addresses, dates of birth, and government-issued IDs.
Rite Aid is estimated to provide services to over 1.6 million Americans each day across its 1,700 retail pharmacies.
Rite Aid assured that no social security numbers, financial information, or any patient data were accessed during the breach.
The drugstore chain is already law enforcement, as well as federal and state regulators, while the company implement "additional security measures to prevent potentially similar attacks in the future."
RansomHub Claims Responsibility for Rite Aid Cyberattack
Cybercrime gang RansomHub later claimed responsibility for the attacks, threatening to expose "45 million lines of people's personal information" if Rite Aid did not meet its ransom demands within 10 days.
This is the same ransomware group responsible for the data breach on UnitedHealth Group in March resulting in millions of US patients' data being compromised and the auction house Christie's last month.
RansomHub is an off-shoot group of the now-defunct BlackCat cybercrime group that previously targeted 60 major global institutions since the Federal Bureau of Investigation first took note of the group in 2021.
Ransomware Attacks Surge Throughout US Healthcare Services
The Rite Aid ransomware attack is only the latest cybercrime incident reported as threat actors continue to exploit weaknesses of healthcare providers' digital services across North America.
Following the data breach on UnitedHealth Group, several other major healthtech firms disclosed data breaches and ransomware attacks, many of which came from suspected Russian state-backed threat actors.
Due to the critical information contained in the leaked data, many healthcare providers are forced to pay the hackers millions of dollars to recover the stolen patient records.