Infamous Medusa ransomware group has allegedly targeted and breached the data of a Florida, US based national specialty pharmacy chain BioMatrix. Biomatrix is among the Inc. 5000, one of America’s fastest-growing private companies.
The Cyber Express team reached out to the company to confirm the details of the alleged BioMatrix data breach concerning its details, but an official comment was not available at the time of writing this report. The company’s website seems to be operational at the moment and doesn’t show any immediate sign of the cyberattack.
The BioMatrix data breach was published on Medusa ransomware‘s dark web breach portal named Medusa Blog.
Decoding the BioMatrix Data Breach
Medusa Ransomware group has posted the breach notice on its dark web portal on December 17, 2023 at 15:39:27 UTC.
The alleged BioMatrix data breach includes CVS Health’s contract and alleged patient complaints.
The ransomware gang gave a deadline to BioMatrix, which was reported at, 10 days, 23 hours, 55 minutes, and 30 seconds from the time of publishing.
The notorious ransomware gang has also demanded a hefty ransom amount of USD 1,000,000 from the pharmacy chain to prevent data exposure.
BioMatrix Specialty Pharmacy is a company that provides healthcare solutions for patients in Florida. Founded in 2015, BioMatrix offers a range of chronic health condition services, including hemophilia, transplantation, and digital health technology. BioMatrix also provides individualized pharmacy services, education, and support.
About Medusa Ransomware
Medusa ransomware, or MedusaLocker, is a notorious hacker group that encrypts a victim’s data and prevents them from being accessed. The ransomware group first came into the existence in September 2019 and was targeting Windows computers only.
Since its inception, the Medusa ransomware group has attacked a range of establishments, encompassing corporations, governmental bodies, and healthcare suppliers. If victims do not pay the ransom, the gang has previously threatened to reveal the stolen data, which included sensitive personal information.
The Medusa ransomware infiltrates computers via phishing efforts and weak Remote Desktop Protocols (RDP). Depending on the version, it also uses PowerShell and Batch (BAT) files.
Risk Posed by BioMatrix Data Breach
Biomatrix, is a pharmaceutical company, and cyberattack on this scale can have disastrous consequences for the company itself, as well as its patients.
The alleged BioMatrix Data Breach, if proven true, will bring serious financial implications, operational disturbance and reputational damage to the company. Potential regulatory fines, theft of intellectual property and loss of market trust are another set of harms that the alleged Biomatrix LLX data breach will follow.
Biomatrix LLX data breach can also disrupt important research or wipe outpatient prescription records. Cost of a data breach in a pharma company on an average costed $4.82 million in fiscal year 2023. Malicious attacks account for 45% of pharma data breaches, followed by human mistake (28%), and IT failure (27%).
The pharmaceutical industry is a major target for cybercriminals because it houses some of the most sensitive data and valuable technology.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
