Ransomware Attack on Allcare Medical Management Inc. by LockBit 3.0

Incident Date:

May 16, 2024

World map



Ransomware Attack on Allcare Medical Management Inc. by LockBit 3.0


Allcare Medical Management Inc.




San Bernardino, USA

California, USA

First Reported

May 16, 2024

Ransomware Attack on Allcare Medical Management Inc. by LockBit 3.0

Victim Overview

Allcare Medical Management Inc. (AMMI) is a leading provider of practice management solutions for medical practices. Founded in 2005, AMMI aims to streamline business processes in modern-day medical practices. The company, headquartered in San Bernardino, California, employs approximately 427 staff members and generated revenue of $6.1 million. AMMI offers services such as reducing office expenses, billing management, accounts receivable, practice management, electronic health records, payroll, and bookkeeping. The company's commitment to excellence and execution has led to industry-leading associate and client retention rates.

Company Profile

Allcare operates in the Healthcare Services sector, providing medical supplies and equipment to healthcare professionals and individuals. The company stands out in the industry due to its focus on improving medical practice efficiency through seamless solutions.

Attack Overview

The company recently fell victim to a cybercrime attack by LockBit 3.0. The attacker targeted the company's website using ransomware to encrypt its data. This attack was likely intended to extort a ransom from the victim for the decryption of the data.

Ransomware Group Details

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that evolved from the LockBit ransomware group. LockBit 3.0 is considered one of the most dangerous and disruptive ransomware threats currently active. It encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. The ransomware is heavily obfuscated and protected against analysis, making it challenging for security researchers to study. LockBit 3.0 has advanced features like lateral movement through networks and self-covering tracks, making it more evasive and modular than previous variants.

Company Vulnerabilities

The attacked company may have been targeted by threat actors due to its position in the healthcare industry, where data security and patient privacy are paramount. The company's extensive client base and financial transactions could have made it an attractive target for ransomware attacks. Additionally, the nature of AMMI's services, which involve managing sensitive medical and financial data, could have exposed vulnerabilities that threat actors exploited to carry out the attack.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.