Cyber Incident Victim: Audifarma

On January 22, 2023, Colombian pharmacy chain Audifarma experienced a cyberattack targeting its technological infrastructure. The company confirmed the incident via an official statement, disclosing that unauthorized external actors breached their systems. Immediate impacts included the disruption of Audifarma’s primary website (audifarma.com.co), its mobile application (Audifarma App), and critical services such as virtual appointment scheduling (Turno Virtual), home delivery requests for medications, and appointment booking systems. Upon detecting the intrusion, the organization activated pre-established cybersecurity protocols, including the deliberate disabling of all physical and virtual servers to isolate the threat and protect sensitive organizational and user data. Audifarma emphasized that no ransomware group had publicly claimed responsibility for the attack as of January 24, and the company did not confirm whether ransomware was involved in its communications.

Audifarma engaged multinational cybersecurity experts to analyze compromised systems and restore services, though full functionality remained unresolved by January 24, with its main website still inaccessible due to connection timeouts. Despite digital service interruptions, the company maintained in-person prescription fulfillment at all national locations during regular operating hours. Legal measures were initiated to pursue criminal charges against the perpetrators, with Audifarma publicly condemning cyberattacks on healthcare-sector entities for endangering public health. The firm committed to ongoing monitoring of the situation and pledged to provide users with updates on restoration progress. No evidence of data exfiltration or specific attacker tactics was disclosed, and the company reassured users that security mechanisms were in place to safeguard their private information throughout the incident response.