The hacker group 0mid16B launched an attack against Apex Custom Software. On January 20, the perpetrators claimed to have erased all data from the company’s servers and threatened to publish it unless Apex agreed to cooperate. Initially, reports mentioned Cardinal Health as a target, but it was later clarified that the primary victim was Apex, while Cardinal Health was merely one of its clients.
Apex specializes in developing software for the medical sector, offering solutions for pharmaceutical inventory management, medical licensing oversight, asset tracking, and telemedicine. It appears the company did not take immediate countermeasures, as the hackers asserted they maintained access to the systems even days after the initial breach.
Representatives of 0mid16B stated that they initially contacted Apex, only to receive a mere $1,000 settlement offer, which they found insulting. The cybercriminals claimed to have conducted their own investigation, discovering that the company’s owner possessed real estate assets exceeding $1,000,000. In response, the hackers decided to expose the compromised data.
On January 27, DataBreaches.net attempted to reach Apex for a statement, but received no response. A similar inquiry was directed to Cardinal Health, which likewise ignored the request. Meanwhile, the U.S. Department of Health and Human Services reported a breach affecting 1,500 patient records, though it remains unclear whether this figure represents all of Apex’s clients or just one affected entity.
By January 29, 0mid16B claimed they still had access to Apex’s systems. The hackers emphasized that the company’s software failed to meet fundamental security standards and had not undergone an audit before deployment. According to their claims, an attacker with such access could potentially manipulate medication prescriptions, posing significant risks to patient safety.
On February 1, 0mid16B followed through on their threat, publishing the source code for Apex’s pharmaceutical inventory management software along with a portion of Cardinal Health employees’ credentials, including plaintext passwords. This escalation not only endangers Apex’s clients but also puts the company’s partners at risk. However, the leaked data did not include protected patient health records, and the full extent of the damage remains uncertain.
