American Associated Pharmacies (AAP) Company CyberSecurity Posture

rxaap.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

American Associated Pharmacies (AAP) is a member-owned cooperative that prides itself on providing the most progressive, effective, and forward-thinking programs and services designed to put profit back in the independent pharmacy. AAP is a truly independent pharmacy co-operative that puts you in control by offering fully customized programs and services that best fit YOUR store. Keep in mind, you’ll own it all too.

American Associated Pharmacies (AAP) A.I CyberSecurity Scoring

AAP

Company Details

Linkedin ID:

rxaap

Website:

http://www.rxaap.com

Employees number:

138

Number of followers:

3,872

NAICS:

3254

Industry Type:

Pharmaceutical Manufacturing

Homepage:

rxaap.com

IP Addresses:

Scan still pending

Company ID:

AME_1610583

Scan Status:

In-progress

AI scoreAAP Risk Score (AI oriented)

Between 600 and 649

https://images.rankiteo.com/companyimages/rxaap.jpeg
AAP Pharmaceutical Manufacturing
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreAAP Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/rxaap.jpeg
AAP Pharmaceutical Manufacturing
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

American Associated Pharmacies (AAP)

Poor
Current Score
608
Caa (Poor)
01000
2 incidents
0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
608
NOVEMBER 2025
607
OCTOBER 2025
605
SEPTEMBER 2025
602
AUGUST 2025
599
JULY 2025
596
JUNE 2025
593
MAY 2025
590
APRIL 2025
587
MARCH 2025
583
FEBRUARY 2025
580
JANUARY 2025
577
DECEMBER 2024
689
Ransomware
02 Dec 2024 • American Associated Pharmacies (AAP)
American Associated Pharmacies Ransomware Attack by Embargo

American Associated Pharmacies (AAP), a Scottsboro, Ala.-based pharmacy network overseeing over **2,000 independent pharmacies**, suffered a **ransomware attack** by the **Embargo group**. Hackers stole **1.4 TB of data**, including **protected health information (PHI)** and **clinical laboratory testing records**, encrypting files and demanding **$1.3 million** for decryption. AAP reportedly paid the initial ransom, but Embargo later demanded an **additional $1.3 million** to prevent data leakage. The attack disrupted **API Warehouse operations**, forcing password resets for **APIRx.com and RxAAP.com**. The breach exposed **thousands of patients’ medical and account details**, with potential long-term risks of identity theft and fraud. The incident follows similar attacks on **Memorial Hospital (Georgia)** and **Weiser Memorial Hospital (Idaho)**, highlighting Embargo’s **sophisticated EDR-killer toolkit** and **double-extortion tactics** (encryption + data leak threats).

570
critical -119
RXA1362213091025
Incident Details -
Type
ransomware data breach double extortion
Attack Vector
endpoint detection and response (EDR) killer toolkit data exfiltration file encryption
Motivation
financial gain (ransom extortion)
Impact
1.4 TB of data (including protected health information - PHI) medical records account details prescription data API Warehouse ordering system (APIRx.com) RxAAP.com email systems (in related attacks) electronic medical record (EHR) systems (in related attacks) limited ordering capabilities restored (partial recovery) four-week outage at Weiser Memorial Hospital (related attack) switch to paper-based systems (in related attacks) disruption of pharmacy order processing Brand Reputation Impact: high (potential exposure of sensitive patient data, public ransom demands) Identity Theft Risk: high (PHI and account details compromised)
Response
Incident Response Plan Activated: likely (password resets implemented) password reset for all users on APIRx.com and RxAAP.com partial restoration of ordering capabilities limited ordering capabilities restored for API Warehouse 'Important Notice' posted on AAP website no official public statement on breach
Data Breach
protected health information (PHI) clinical laboratory testing data medical records account details prescription data Sensitivity Of Data: high (includes PHI and medical records) Data Exfiltration: 1.4 TB of data stolen Data Encryption: files encrypted by ransomware Personally Identifiable Information: likely (PHI includes PII)
Regulatory Compliance
potential HIPAA violations (PHI compromised)
Lessons Learned
Healthcare entities, including clinical laboratories and pharmacies, must proactively upgrade cybersecurity defenses to protect against sophisticated ransomware groups like Embargo. Regular security assessments, endpoint detection improvements, and employee training are critical to mitigating risks of PHI exposure and operational disruptions.
Recommendations
Implement multi-factor authentication (MFA) for all systems handling PHI. Enhance endpoint detection and response (EDR) capabilities to counter tools like those used by Embargo. Conduct regular security audits and penetration testing to identify vulnerabilities. Develop and test incident response plans specific to ransomware and double extortion scenarios. Educate employees on phishing and social engineering tactics to prevent initial access by threat actors. Segment networks to limit lateral movement by attackers. Maintain offline, encrypted backups to enable recovery without paying ransom. Monitor dark web and threat intelligence feeds for signs of stolen data being sold or leaked.
Investigation Status
ongoing (no official confirmation or detailed report from AAP)
Customer Advisories
'Important Notice' on AAP website regarding limited ordering capabilities
Stakeholder Advisories
password reset notice for APIRx.com and RxAAP.com users
Initial Access Broker
protected health information (PHI) clinical laboratory data prescription records Data Sold On Dark Web: likely (Embargo threatens to publish data if additional ransom is not paid)
Post Incident Analysis
Likely exploitation of vulnerabilities in endpoint detection systems (EDR bypassed via toolkit). Potential lack of network segmentation allowing lateral movement. Possible phishing or credential theft enabling initial access.
References
Blog URL Source URL
OCTOBER 2024
753
Breach
13 Oct 2024 • American Associated Pharmacies (AAP)
American Associated Pharmacies (AAP) Data Breach and Ransomware Incident

American Associated Pharmacies (AAP), a cooperative supporting over 2,000 independent U.S. pharmacies, suffered a **data breach** in October 2024. Hackers infiltrated AAP’s network on **October 13, 2024**, exfiltrating sensitive personal and financial data before encrypting files. The compromised information includes **names, addresses, dates of birth, Social Security numbers, passport/driver’s license details, bank/routing numbers, medical records (treatment data, prescriptions, insurance info), and credentials (usernames/passwords)**. The breach poses severe risks of **identity theft, financial fraud, and medical data exploitation**, affecting customers, employees, and affiliated pharmacies. AAP secured its systems upon detection (October 23, 2024) and launched an investigation, while law firm **Edelson Lechtzin LLP** is pursuing a **class-action lawsuit** for victims. The incident underscores critical vulnerabilities in handling **highly regulated health and financial data**, with potential long-term reputational and operational damage to AAP and its pharmacy network.

687
critical -66
RXA0802508111925
Incident Details -
Type
Data Breach Ransomware
Impact
Names Addresses Dates of birth Social Security numbers Passport numbers Driver’s license/ID numbers Bank account and routing numbers Medical/clinical treatment details Provider names Medical record numbers Health insurance information Prescription data Usernames and passwords Computer network File storage systems Brand Reputation Impact: Potential reputational damage due to exposure of highly sensitive personal and medical data; class action lawsuit initiated. Legal Liabilities: Class action lawsuit investigation by Edelson Lechtzin LLP for data privacy violations. Identity Theft Risk: High (due to exposure of SSNs, financial data, and medical records) Payment Information Risk: High (bank account/routing numbers, usernames/passwords exposed)
Response
Secured systems upon detection of suspicious activity Public disclosure via press release (2025-11-18) Advisory to monitor credit reports and account statements
Data Breach
Personally Identifiable Information (PII) Protected Health Information (PHI) Financial Information Authentication Credentials Sensitivity Of Data: High (includes SSNs, medical records, financial data, and credentials)
Regulatory Compliance
Class action lawsuit investigation by Edelson Lechtzin LLP
Recommendations
Monitor credit reports and account statements for suspicious activity Implement stronger access controls and network segmentation Enhance endpoint detection and response (EDR) capabilities Conduct regular security audits and penetration testing Provide identity theft protection services to affected individuals
Investigation Status
Ongoing (class action lawsuit investigation; AAP's internal investigation completed but details not disclosed)
Customer Advisories
Review account statements Monitor credit reports Contact Edelson Lechtzin LLP for legal remedies if affected
Stakeholder Advisories
Advisory to affected individuals to monitor for identity theft/fraud
Initial Access Broker
Reconnaissance Period: Approximately 10 days (from October 13, 2024, to October 23, 2024) Sensitive personal data Medical records Financial information
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for American Associated Pharmacies (AAP) is 608, which corresponds to a Poor rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 607.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 605.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 602.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 599.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 596.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 593.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 590.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 587.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 583.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 580.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 577.

Over the past 12 months, the average per-incident point impact on American Associated Pharmacies (AAP)’s A.I Rankiteo Cyber Score has been 0 points.

You can access American Associated Pharmacies (AAP)’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/rxaap.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view American Associated Pharmacies (AAP)’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/rxaap.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.