Data breach confirmed by Rite Aid following RansomHub claims

U.S. drugstore chain Rite Aid has disclosed having certain systems impacted by a "limited cybersecurity incident" last month after it had 10 GB of data claimed to have been exfiltrated by the RansomHub ransomware gang, which previously exposed data stolen from Change Healthcare earlier this year, reports The Record, a news site by cybersecurity firm Recorded Future.

While RansomHub admitted to having compromised Rite Aid customers' ID numbers and rewards numbers, Rite Aid emphasized that none of its clients' health information, financial details, and Social Security numbers have been exposed. Such a disclosure comes amid a flurry of cyberattacks against the healthcare sector, prompting Sen. Mark Warner, D-Va., to urge Department of Health and Human Services Secretary Xavier Becerra and Deputy National Security Advisor Anne Neuberger to expedite minimum cyber standards for the industry. "The stakes are too high, and the voluntary nature of the status quo is not working, especially regarding health care stakeholders that are systemically important nationally or regionally," said Warner.