Canadian pharmacy chain London Drugs has closed all of its stores until further notice following a "cybersecurity incident."
On Sunday, the British Columbia-based giant with more than 80 outlets said an "operational issue" forced the closure of its locations across British Columbia, Alberta, Saskatchewan, and Manitoba.
"Pharmacists are standing by to support with urgent pharmacy needs," according to a social media post. "We advise customers to phone their local store's pharmacy to make arrangements."
A London Drugs spokesperson told The Register a "cybersecurity incident," discovered on Sunday, was behind the store closures. They declined to answer specific questions about the break-in - including if ransomware was deployed - and issued the following statement:
Out of an abundance of caution, London Drugs stores across Western Canada remain temporarily closed until further notice following the discovery that it was the victim of a cybersecurity incident on April 28, 2024.
Upon discovering the incident, London Drugs immediately undertook countermeasures to protect its network and data, including retaining leading third-party cybersecurity experts to assist with containment, remediation and to conduct a forensic investigation.
At this time, we have no reason to believe that customer or employee data has been impacted.
Pharmacists continue to stand by to support any customers with urgent pharmacy needs. We advise customers to phone their local store's pharmacy to make arrangements.
We apologize for any inconvenience caused and we want to assure you that this incident is the utmost priority for us at London Drugs.
While there is no indication who or what caused incident, or if ransomware was involved, the disruption echoes the earlier Change Healthcare ransomware infection in the US that also impacted pharmacies' ability to fill prescriptions and check patients' eligibility for medications.
And it comes as criminals increasingly target healthcare organizations and their suppliers with extortion and other cybercrimes.
In October, five southern Ontario hospitals shut down their IT systems and canceled patient appointments following a cyberattack against the hospitals' service provider TransForm.
TransForm is a nonprofit founded by the Ontario hospitals: Windsor Regional Hospital, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, Bluewater Health, and the Chatham-Kent Health Alliance. It manages their IT, supply chain, and accounts payable services, and transmits one million patient-related messages each day.
Ransomware crew Daixin Team took responsibility for the intrusion, and claimed to have stolen millions of patients' records that were later leaked online, after hospital officials refused to pay the gang's ransom demands. ®
Source: The register