Cyber Incident Victim: Ravkoo

Date: Sep 2021

Location: United States of America

Summary

A US online pharmacy experienced a cybersecurity attack targeting its AWS-hosted prescription portal, potentially compromising personal and health information of approximately 105,000 individuals. An unauthorized party exploited a hidden admin panel accessible to any user, leading to possible exposure of prescription records—reportedly including 340,000 prescriptions—though no evidence indicated access to Social Security Numbers or subsequent misuse. The company engaged forensic investigators, notified federal law enforcement, and provided affected customers with identity monitoring services. The incident aligned with public claims by a hacker who described breaching the system as exceptionally straightforward.

Description

On September 27, 2021, US online pharmacy Ravkoo detected a cybersecurity attack targeting its AWS-hosted cloud prescription portal. The company initiated a forensic investigation, which concluded on October 27, 2021, revealing that an unauthorized third party had attempted to infiltrate the portal and potentially compromised certain prescription and health information. Ravkoo notified approximately 105,000 affected customers via data breach letters on January 3, 2022, disclosing that personal and health information could have been accessed during the incident. The company confirmed it does not store Social Security Numbers on the affected portal and found no evidence of SSN access. According to contemporaneous reports from The Intercept, an anonymous hacker claimed responsibility for the breach, describing Ravkoo's systems as "hilariously easy" to penetrate through a hidden admin panel accessible to any user. The hacker allegedly provided records of 340,000 prescriptions filled between November 3, 2020, and September 11, 2021, representing approximately $8.5 million in drug costs, though Ravkoo's official communications did not acknowledge these specific figures.

Ravkoo CEO Alpesh Patel publicly confirmed the incident was reported to the FBI, with the company cooperating in the federal investigation. The pharmacy found no evidence of information misuse or identity theft reports linked to the breach as of their January 2022 disclosure. Affected individuals were offered one year of complimentary identity monitoring services through Kroll Information Assurance. While Ravkoo's notifications to state Attorney General offices aligned with The Intercept's initial reporting timeline, the company did not publicly address the hacker's claims regarding the admin panel vulnerability or the discrepancy between the reported 340,000 prescriptions and the 105,000 notified customers. A Ravkoo spokesperson declined to provide additional comments when contacted by BleepingComputer regarding breach specifics.
