
American Associated Pharmacies (AAP) is a member-owned cooperative that prides itself on providing the most progressive, effective, and forward-thinking programs and services designed to put profit back in the independent pharmacy. AAP is a truly independent pharmacy co-operative that puts you in control by offering fully customized programs and services that best fit YOUR store. Keep in mind, you’ll own it all too.

American Associated Pharmacies (AAP) A.I CyberSecurity Scoring

Company Details

  • Linkedin ID: rxaap
  • Employees number: 138
  • Number of followers: 3,872
  • NAICS: 3254
  • Industry Type: Pharmaceutical Manufacturing
  • Homepage: rxaap.com
  • IP Addresses: 0
  • Company ID: AME_1610583
  • Scan Status: In-progress

AAP Risk Score (AI oriented)

Between 600 and 649

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

AAP Global Score (TPRM)

XXXX (not displayed)

AAP Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 2
American Associated Pharmacies (AAP)
Type: Breach
Severity: 100
Impact: 5
Seen: 10/2024
Rankiteo Explanation: Attack threatening the organization's existence

Description: American Associated Pharmacies (AAP), a cooperative supporting over 2,000 independent U.S. pharmacies, suffered a **data breach** in October 2024. Hackers infiltrated AAP’s network on **October 13, 2024**, exfiltrating sensitive personal and financial data before encrypting files. The compromised information includes **names, addresses, dates of birth, Social Security numbers, passport/driver’s license details, bank/routing numbers, medical records (treatment data, prescriptions, insurance info), and credentials (usernames/passwords)**. The breach poses severe risks of **identity theft, financial fraud, and medical data exploitation**, affecting customers, employees, and affiliated pharmacies. AAP secured its systems upon detection (October 23, 2024) and launched an investigation, while law firm **Edelson Lechtzin LLP** is pursuing a **class-action lawsuit** for victims. The incident underscores critical vulnerabilities in handling **highly regulated health and financial data**, with potential long-term reputational and operational damage to AAP and its pharmacy network.

American Associated Pharmacies (AAP)
Type: Ransomware
Severity: 100
Impact: 5
Seen: 12/2024
Rankiteo Explanation: Attack threatening the organization's existence

Description: American Associated Pharmacies (AAP), a Scottsboro, Ala.-based pharmacy network overseeing over **2,000 independent pharmacies**, suffered a **ransomware attack** by the **Embargo group**. Hackers stole **1.4 TB of data**, including **protected health information (PHI)** and **clinical laboratory testing records**, encrypting files and demanding **$1.3 million** for decryption. AAP reportedly paid the initial ransom, but Embargo later demanded an **additional $1.3 million** to prevent data leakage. The attack disrupted **API Warehouse operations**, forcing password resets for **APIRx.com and RxAAP.com**. The breach exposed **thousands of patients’ medical and account details**, with potential long-term risks of identity theft and fraud. The incident follows similar attacks on **Memorial Hospital (Georgia)** and **Weiser Memorial Hospital (Idaho)**, highlighting Embargo’s **sophisticated EDR-killer toolkit** and **double-extortion tactics** (encryption + data leak threats).

AAP Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months: Incident Predictions locked

A.I Risk Score Likelihood 3 - 6 - 9 months: A.I. Risk Score Predictions locked

Underwriter Stats for AAP

  • Incidents vs Pharmaceutical Manufacturing Industry Average (This Year): No incidents recorded for American Associated Pharmacies (AAP) in 2025.
  • Incidents vs All-Companies Average (This Year): No incidents recorded for American Associated Pharmacies (AAP) in 2025.
  • Incident Types AAP vs Pharmaceutical Manufacturing Industry Avg (This Year): No incidents recorded for American Associated Pharmacies (AAP) in 2025.

Incident History — AAP (X = Date, Y = Severity)

AAP cyber incidents detection timeline including parent company and subsidiaries

AAP Company Subsidiaries


AAP Similar Companies

At MSD, known as Merck & Co., Inc., Rahway, NJ, USA in the United States and Canada, we are unified around our purpose: We use the power of leading-edge science to save and improve lives around the world. For more than 130 years, we have brought hope to humanity through the development of important

The Janssen Pharmaceutical Companies of Johnson & Johnson

At Janssen, we never stop working toward a future where disease is a thing of the past. We’re the Pharmaceutical Companies of Johnson & Johnson, and you can count on us to keep working tirelessly to make that future a reality for patients everywhere, by fighting sickness with science, improving ac

Viatris

Viatris Inc. (NASDAQ: VTRS) is a global healthcare company uniquely positioned to bridge the traditional divide between generics and brands, combining the best of both to more holistically address healthcare needs globally. With a mission to empower people worldwide to live healthier at every stage

MANKIND PHARMA LTD

Mankind Pharma, one of the top 5 leading pharmaceutical companies in India, started its journey in 1995. Today, we have an employee base of over 20,000 and are racing towards $1 Billion. At Mankind, we aspire to aid the community in leading a healthy life by formulating, developing, commercializing,

Takeda

We strive to transform lives. While the science we advance is constantly evolving, our core purpose is enduring. For more than two centuries, our values have guided us to do what’s right for patients and for society. We know that changing lives requires us to do things differently. We start by list

AbbVie

AbbVie is a global biopharmaceutical company focused on creating medicines and solutions that put impact first — for patients, communities, and our world. We aim to address complex health issues and enhance people's lives through our core therapeutic areas: immunology, oncology, neuroscience, eye ca

Novartis

Novartis is an innovative medicines company. Every day, working to reimagine medicine to improve and extend people’s lives so that patients, healthcare professionals and societies are empowered in the face of serious disease. Our medicines reach more than 250 million people worldwide. Find out mor

Sanofi

We are Sanofi, an innovative global healthcare company. We chase the miracles of science to improve people’s lives. Our team, across some 100 countries, is dedicated to transforming the practice of medicine by working to turn the impossible into the possible. We provide potentially life-changing t

Teva Pharmaceuticals

At Teva, we're proud to be a different kind of global pharmaceutical leader, one that operates across the full spectrum of innovation to reliably deliver medicines to patients worldwide. For over 120 years, our commitment to bettering health has never wavered. Every day, we challenge ourselves to p

AAP CyberSecurity News

April 07, 2025 07:00 AM
Meeting Preview: AAP 2025 Annual Conference

The American Associated Pharmacies' 2025 Annual Conference is set to take place this week in the “Live Music Capital of the World,” Austin, Texas.

January 06, 2025 08:05 PM
American Associated Pharmacies Data Breach Lawsuit Investigation

Got a data breach notice from American Associated Pharmacies (AAP)? You may be able to take legal action to recover money for loss of privacy and more.

December 02, 2024 08:00 AM
American Associated Pharmacies Struck by Ransomware Attack

AAP announced a ransomware operation called Embargo had stolen over 1.4 terabytes (TB) of data, encrypted those files, and demanded $1.3 million to decrypt the...

November 18, 2024 08:00 AM
18th November – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 11th November, please download our Threat Intelligence Bulletin.

April 19, 2024 07:00 AM
Medicare-Focused Insurance Agency Could Benefit Independent Pharmacies

A Q&A with Joe McKamey, general manager at Marcrom's Pharmacy in Manchester, Tennessee.

April 11, 2024 07:00 AM
Keeping Pharmacies Independent: Best Practices For Selling, Buying a Business

At AAP 2024, the Cardinal Health Pharmacy Transitions Services team hosted a session outlining how best to go about selling and buying a...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

AAP CyberSecurity History Information

Official Website of American Associated Pharmacies (AAP)

The official website of American Associated Pharmacies (AAP) is http://www.rxaap.com.

American Associated Pharmacies (AAP)’s AI-Generated Cybersecurity Score

According to Rankiteo, American Associated Pharmacies (AAP)’s AI-generated cybersecurity score is 608, reflecting their Poor security posture.

How many security badges does American Associated Pharmacies (AAP) have ?

According to Rankiteo, American Associated Pharmacies (AAP) currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does American Associated Pharmacies (AAP) have SOC 2 Type 1 certification ?

According to Rankiteo, American Associated Pharmacies (AAP) is not certified under SOC 2 Type 1.

Does American Associated Pharmacies (AAP) have SOC 2 Type 2 certification ?

According to Rankiteo, American Associated Pharmacies (AAP) does not hold a SOC 2 Type 2 certification.

Does American Associated Pharmacies (AAP) comply with GDPR ?

According to Rankiteo, American Associated Pharmacies (AAP) is not listed as GDPR compliant.

Does American Associated Pharmacies (AAP) have PCI DSS certification ?

According to Rankiteo, American Associated Pharmacies (AAP) does not currently maintain PCI DSS compliance.

Does American Associated Pharmacies (AAP) comply with HIPAA ?

According to Rankiteo, American Associated Pharmacies (AAP) is not compliant with HIPAA regulations.

Does American Associated Pharmacies (AAP) have ISO 27001 certification ?

According to Rankiteo, American Associated Pharmacies (AAP) is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of American Associated Pharmacies (AAP)

American Associated Pharmacies (AAP) operates primarily in the Pharmaceutical Manufacturing industry.

Number of Employees at American Associated Pharmacies (AAP)

American Associated Pharmacies (AAP) employs approximately 138 people worldwide.

Subsidiaries Owned by American Associated Pharmacies (AAP)

American Associated Pharmacies (AAP) presently has no subsidiaries across any sectors.

American Associated Pharmacies (AAP)’s LinkedIn Followers

American Associated Pharmacies (AAP)’s official LinkedIn profile has approximately 3,872 followers.

NAICS Classification of American Associated Pharmacies (AAP)

American Associated Pharmacies (AAP) is classified under the NAICS code 3254, which corresponds to Pharmaceutical and Medicine Manufacturing.

American Associated Pharmacies (AAP)’s Presence on Crunchbase

No, American Associated Pharmacies (AAP) does not have a profile on Crunchbase.

American Associated Pharmacies (AAP)’s Presence on LinkedIn

Yes, American Associated Pharmacies (AAP) maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/rxaap.

Cybersecurity Incidents Involving American Associated Pharmacies (AAP)

As of December 04, 2025, Rankiteo reports that American Associated Pharmacies (AAP) has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

American Associated Pharmacies (AAP) has an estimated 5,307 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at American Associated Pharmacies (AAP) ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Breach.

How does American Associated Pharmacies (AAP) detect and respond to cybersecurity incidents ?

Detection and Response: For the ransomware incident, an incident response plan was likely activated (password resets implemented); containment consisted of a password reset for all users on apirx.com and rxaap.com and partial restoration of ordering capabilities; recovery consisted of limited ordering capabilities restored for API Warehouse; communication consisted of an 'Important Notice' posted on the AAP website, with no official public statement on the breach. For the data breach incident, containment consisted of securing systems upon detection of suspicious activity; communication consisted of public disclosure via press release (2025-11-18) and an advisory to monitor credit reports and account statements.

Incident Details

Can you provide details on each incident ?

Incident : ransomware

Title: American Associated Pharmacies Ransomware Attack by Embargo

Description: American Associated Pharmacies (AAP), a major pharmacy network overseeing over 2,000 independent pharmacies, was struck by a ransomware attack by the group 'Embargo.' The attackers stole 1.4 TB of data, encrypted files, and initially demanded $1.3 million for decryption. After AAP allegedly paid the ransom, Embargo demanded an additional $1.3 million to prevent public disclosure of the stolen data. The attack disrupted AAP’s API Warehouse subsidiary, leading to limited ordering capabilities and a password reset for all users. Embargo is described as a sophisticated, opportunistic group with a history of targeting healthcare entities, including Memorial Hospital and Manor (Georgia) and Weiser Memorial Hospital (Idaho).

Type: ransomware

Attack Vector: endpoint detection and response (EDR) killer toolkit; data exfiltration; file encryption

Threat Actor: Embargo (ransomware group)

Motivation: financial gain (ransom extortion)

Incident : Data Breach

Title: American Associated Pharmacies (AAP) Data Breach and Ransomware Incident

Description: American Associated Pharmacies (AAP), a member-owned cooperative supporting over 2,000 independent U.S. pharmacies, detected a data breach on October 23, 2024. Hackers gained unauthorized access to AAP's network on October 13, 2024, exfiltrating sensitive personal and medical data before encrypting files. The compromised data includes names, addresses, Social Security numbers, medical records, health insurance details, prescription data, and financial information (e.g., bank account numbers, usernames, passwords). AAP secured its systems upon detection and initiated an investigation. A class action lawsuit is being investigated by Edelson Lechtzin LLP on behalf of affected individuals.

Date Detected: 2024-10-23

Date Publicly Disclosed: 2025-11-18

Type: Data Breach

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : ransomware RXA1362213091025

Data Compromised: 1.4 TB of data (including protected health information, PHI), Medical records, Account details, Prescription data

Systems Affected: API Warehouse ordering system (APIRx.com); RxAAP.com; email systems (in related attacks); electronic medical record (EHR) systems (in related attacks)

Downtime: limited ordering capabilities restored (partial recovery); four-week outage at Weiser Memorial Hospital (related attack)

Operational Impact: switch to paper-based systems (in related attacks); disruption of pharmacy order processing

Brand Reputation Impact: high (potential exposure of sensitive patient data, public ransom demands)

Identity Theft Risk: high (PHI and account details compromised)

Incident : Data Breach RXA0802508111925

Data Compromised: Names, Addresses, Dates of birth, Social security numbers, Passport numbers, Driver’s license/id numbers, Bank account and routing numbers, Medical/clinical treatment details, Provider names, Medical record numbers, Health insurance information, Prescription data, Usernames and passwords

Systems Affected: Computer network; File storage systems

Brand Reputation Impact: Potential reputational damage due to exposure of highly sensitive personal and medical data; class action lawsuit initiated.

Legal Liabilities: Class action lawsuit investigation by Edelson Lechtzin LLP for data privacy violations.

Identity Theft Risk: High (due to exposure of SSNs, financial data, and medical records)

Payment Information Risk: High (bank account/routing numbers, usernames/passwords exposed)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Protected Health Information (PHI), Clinical Laboratory Testing Data, Medical Records, Account Details, Prescription Data, Personally Identifiable Information (PII), Financial Information, and Authentication Credentials.

Which entities were affected by each incident ?

Incident : ransomware RXA1362213091025

Entity Name: American Associated Pharmacies (AAP)

Entity Type: pharmacy network

Industry: healthcare

Location: Scottsboro, Alabama, USA

Size: over 2,000 independent pharmacies served

Incident : ransomware RXA1362213091025

Entity Name: API Warehouse (subsidiary of AAP)

Entity Type: wholesale purchasing platform

Industry: healthcare/pharmacy

Location: USA

Size: 2,500+ SKUs in inventory

Incident : ransomware RXA1362213091025

Entity Name: Memorial Hospital and Manor

Entity Type: community hospital and long-term care facility

Industry: healthcare

Location: Bainbridge, Georgia, USA

Size: 80-bed hospital + 107 long-term care beds

Incident : ransomware RXA1362213091025

Entity Name: Weiser Memorial Hospital

Entity Type: critical access hospital

Industry: healthcare

Location: Weiser, Idaho, USA

Incident : Data Breach RXA0802508111925

Entity Name: American Associated Pharmacies (AAP)

Entity Type: Member-owned cooperative

Industry: Healthcare (Pharmacy Services)

Location: United States

Size: Supports over 2,000 independent pharmacies

Response to the Incidents

What measures were taken in response to each incident ?

Incident : ransomware RXA1362213091025

Incident Response Plan Activated: likely (password resets implemented)

Containment Measures: password reset for all users on APIRx.com and RxAAP.com; partial restoration of ordering capabilities

Recovery Measures: limited ordering capabilities restored for API Warehouse

Communication Strategy: 'Important Notice' posted on AAP website; no official public statement on breach

Incident : Data Breach RXA0802508111925

Incident Response Plan Activated: True

Containment Measures: Secured systems upon detection of suspicious activity

Communication Strategy: Public disclosure via press release (2025-11-18); Advisory to monitor credit reports and account statements

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as likely activated (password resets implemented).

Data Breach Information

What type of data was compromised in each breach ?

Incident : ransomware RXA1362213091025

Type of Data Compromised: Protected health information (PHI), Clinical laboratory testing data, Medical records, Account details, Prescription data

Sensitivity of Data: high (includes PHI and medical records)

Data Exfiltration: 1.4 TB of data stolen

Data Encryption: files encrypted by ransomware

Personally Identifiable Information: likely (PHI includes PII)

Incident : Data Breach RXA0802508111925

Type of Data Compromised: Personally identifiable information (PII), Protected health information (PHI), Financial information, Authentication credentials

Sensitivity of Data: High (includes SSNs, medical records, financial data, and credentials)

Data Encryption: True

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company's handling of incidents involving personally identifiable information (PII) consisted of a password reset for all users on apirx.com and rxaap.com, partial restoration of ordering capabilities, and securing systems upon detection of suspicious activity.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : ransomware RXA1362213091025

Ransom Demanded: $1.3 million (initial) + $1.3 million (additional for data suppression)

Ransom Paid: $1.3 million (allegedly paid for decryption, unconfirmed by AAP)

Ransomware Strain: Embargo

Data Encryption: yes (files encrypted)

Data Exfiltration: yes (1.4 TB of data stolen)

Incident : Data Breach RXA0802508111925

Data Encryption: True

Data Exfiltration: True

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The only recovery measure reported is the restoration of limited ordering capabilities for API Warehouse.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : ransomware RXA1362213091025

Regulations Violated: potential HIPAA violations (PHI compromised)

Incident : Data Breach RXA0802508111925

Legal Actions: Class action lawsuit investigation by Edelson Lechtzin LLP

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The only item recorded under regulatory compliance is the class action lawsuit investigation by Edelson Lechtzin LLP.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : ransomware RXA1362213091025

Lessons Learned: Healthcare entities, including clinical laboratories and pharmacies, must proactively upgrade cybersecurity defenses to protect against sophisticated ransomware groups like Embargo. Regular security assessments, endpoint detection improvements, and employee training are critical to mitigating risks of PHI exposure and operational disruptions.

What recommendations were made to prevent future incidents ?

Incident : ransomware RXA1362213091025

Recommendations:
  • Implement multi-factor authentication (MFA) for all systems handling PHI.
  • Enhance endpoint detection and response (EDR) capabilities to counter tools like those used by Embargo.
  • Conduct regular security audits and penetration testing to identify vulnerabilities.
  • Develop and test incident response plans specific to ransomware and double extortion scenarios.
  • Educate employees on phishing and social engineering tactics to prevent initial access by threat actors.
  • Segment networks to limit lateral movement by attackers.
  • Maintain offline, encrypted backups to enable recovery without paying ransom.
  • Monitor dark web and threat intelligence feeds for signs of stolen data being sold or leaked.

Incident : Data Breach RXA0802508111925

Recommendations:
  • Monitor credit reports and account statements for suspicious activity.
  • Implement stronger access controls and network segmentation.
  • Enhance endpoint detection and response (EDR) capabilities.
  • Conduct regular security audits and penetration testing.
  • Provide identity theft protection services to affected individuals.

What are the key lessons learned from past incidents ?

Key Lessons Learned: Healthcare entities, including clinical laboratories and pharmacies, must proactively upgrade cybersecurity defenses to protect against sophisticated ransomware groups like Embargo. Regular security assessments, endpoint detection improvements, and employee training are critical to mitigating the risks of PHI exposure and operational disruption.

References

Where can I find more information about each incident ?

Incident : ransomware RXA1362213091025

Sources: The Register; HIPAA Journal; HealthcareInfoSecurity (interview with Mike Hamilton, CISO of Critical Insight); ESET (research on Embargo ransomware); The Cyber Express (Memorial Hospital attack); Dark Daily (multiple articles on healthcare cyberattacks); Reuters (Change Healthcare/BlackCat attack)

Incident : Data Breach RXA0802508111925

Source: GLOBE NEWSWIRE Press Release

Date Accessed: 2025-11-18

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at The Register, HIPAA Journal, HealthcareInfoSecurity (interview with Mike Hamilton, CISO of Critical Insight), ESET (research on Embargo ransomware), The Cyber Express (Memorial Hospital attack), Dark Daily (multiple articles on healthcare cyberattacks), Reuters (Change Healthcare/BlackCat attack), and the GLOBE NEWSWIRE press release (date accessed: 2025-11-18).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : ransomware RXA1362213091025

Investigation Status: ongoing (no official confirmation or detailed report from AAP)

Incident : Data Breach RXA0802508111925

Investigation Status: Ongoing (class action lawsuit investigation; AAP's internal investigation completed but details not disclosed)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through an 'Important Notice' posted on the AAP website, no official public statement on the breach, public disclosure via press release (2025-11-18), and an advisory to monitor credit reports and account statements.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : ransomware RXA1362213091025

Stakeholder Advisories: Password reset notice for APIRx.com and RxAAP.com users.

Customer Advisories: 'Important Notice' on AAP website regarding limited ordering capabilities

Incident : Data Breach RXA0802508111925

Stakeholder Advisories: Advisory to affected individuals to monitor for identity theft/fraud.

Customer Advisories: Review account statements; monitor credit reports; contact Edelson Lechtzin LLP for legal remedies if affected.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: a password reset notice for APIRx.com and RxAAP.com users; an 'Important Notice' on the AAP website regarding limited ordering capabilities; an advisory to affected individuals to monitor for identity theft/fraud; review account statements; monitor credit reports; and contact Edelson Lechtzin LLP for legal remedies if affected.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : ransomware RXA1362213091025

High Value Targets: Protected Health Information (PHI), Clinical Laboratory Data, Prescription Records

Data Sold on Dark Web: Protected Health Information (PHI), Clinical Laboratory Data, Prescription Records

Incident : Data Breach RXA0802508111925

Reconnaissance Period: Approximately 10 days (from October 13, 2024, to October 23, 2024)

High Value Targets: Sensitive Personal Data, Medical Records, Financial Information

Data Sold on Dark Web: Sensitive Personal Data, Medical Records, Financial Information

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : ransomware RXA1362213091025

Root Causes: Likely exploitation of vulnerabilities in endpoint detection systems (EDR bypassed via toolkit); potential lack of network segmentation allowing lateral movement; possible phishing or credential theft enabling initial access.

Additional Questions

General Information

Has the company ever paid ransoms ?

Ransom Payment History: The company has paid ransoms in the past.

What was the amount of the last ransom demanded ?

Last Ransom Demanded: The amount of the last ransom demanded was $1.3 million (initial) + $1.3 million (additional for data suppression).

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was Embargo (a ransomware group).

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2024-10-23.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-18.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were 1.4 TB of data (including protected health information, PHI), medical records, account details, prescription data, names, addresses, dates of birth, Social Security numbers, passport numbers, driver's license/ID numbers, bank account and routing numbers, medical/clinical treatment details, provider names, medical record numbers, health insurance information, prescription data, and usernames and passwords.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were the API Warehouse ordering system (APIRx.com), RxAAP.com, email systems (in related attacks), electronic medical record (EHR) systems (in related attacks), the computer network, and file storage systems.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were a password reset for all users on APIRx.com and RxAAP.com, partial restoration of ordering capabilities, and securing systems upon detection of suspicious activity.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, prescription data, usernames and passwords, dates of birth, driver's license/ID numbers, medical record numbers, health insurance information, account details, addresses, medical/clinical treatment details, passport numbers, names, provider names, bank account and routing numbers, medical records, and 1.4 TB of data (including protected health information, PHI).

Ransomware Information

What was the highest ransom demanded in a ransomware incident ?

Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $1.3 million (initial) + $1.3 million (additional for data suppression).

What was the highest ransom paid in a ransomware incident ?

Highest Ransom Paid: The highest ransom paid in a ransomware incident was $1.3 million (allegedly paid for decryption, unconfirmed by AAP).

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was a class action lawsuit investigation by Edelson Lechtzin LLP.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: Healthcare entities, including clinical laboratories and pharmacies, must proactively upgrade cybersecurity defenses to protect against sophisticated ransomware groups like Embargo. Regular security assessments, endpoint detection improvements, and employee training are critical to mitigating the risks of PHI exposure and operational disruption.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: educate employees on phishing and social engineering tactics to prevent initial access by threat actors; monitor credit reports and account statements for suspicious activity; provide identity theft protection services to affected individuals; enhance endpoint detection and response (EDR) capabilities to counter tools like those used by Embargo; conduct regular security audits and penetration testing to identify vulnerabilities; implement stronger access controls and network segmentation; develop and test incident response plans specific to ransomware and double extortion scenarios; segment networks to limit lateral movement by attackers; implement multi-factor authentication (MFA) for all systems handling PHI; monitor dark web and threat intelligence feeds for signs of stolen data being sold or leaked; and maintain offline and encrypted backups to enable recovery without paying ransom.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Reuters (Change Healthcare/BlackCat attack), Dark Daily (multiple articles on healthcare cyberattacks), The Cyber Express (Memorial Hospital attack), GLOBE NEWSWIRE Press Release, The Register, HealthcareInfoSecurity (interview with Mike Hamilton, CISO of Critical Insight), ESET (research on Embargo ransomware), and HIPAA Journal.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (no official confirmation or detailed report from AAP).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were a password reset notice for APIRx.com and RxAAP.com users, and an advisory to affected individuals to monitor for identity theft/fraud.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were an 'Important Notice' on the AAP website regarding limited ordering capabilities, and guidance to review account statements, monitor credit reports, and contact Edelson Lechtzin LLP for legal remedies if affected.

Initial Access Broker

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Approximately 10 days (from October 13, 2024, to October 23, 2024).

CVE

Latest Global CVEs (Not Company-Specific)

Description

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Risk Information (CVSS v3.1)
Base: 6.4
Severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Description

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Risk Information (CVSS v4.0)
Base: 9.9
Severity: LOW
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult, where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Risk Information (CVSS v4.0)
Base: 5.5
Severity: LOW
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=rxaap' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.