Assisted Living Pharmacy Service LLC (ALPS), a Wisconsin-based long-term care pharmacy, suffered a Qilin ransomware attack between June 25–27, 2025, compromising the personally identifiable information (PII) and protected health information (PHI) of at least 5,590 individuals. The breach exposed highly sensitive data, including names, addresses, Social Security numbers, driver’s license/state ID numbers, medical records (lab results, prescriptions, treatment info), health insurance claims, and financial details (payment card data). The attackers, Qilin ransomware group, claimed to have stolen 150 GB of data, posting proof on their dark web portal and threatening public exposure or extortion. The incident was discovered on June 26, 2025, with investigations confirming unauthorized network access. ALPS disclosed the breach to the U.S. Department of Health and Human Services (HHS) on August 12, 2025, and notified affected individuals via mail. The breach impacts patients who received services between January 2024 and June 2025, posing severe risks of identity theft, financial fraud, and medical data exploitation. ALPS advised victims to monitor accounts, place fraud alerts, and beware of phishing attempts.
Source: https://www.claimdepot.com/data-breach/assisted-living-pharmacy-service-2025
TPRM report: https://www.rankiteo.com/company/alpsrx
"id": "alp3802638091325",
"linkid": "alpsrx",
"type": "Ransomware",
"date": "1/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '5,590 individuals (patients who '
'received prescription services '
'between Jan. 2024 and June '
'2025)',
'industry': 'Healthcare',
'location': 'Wisconsin, USA',
'name': 'Assisted Living Pharmacy Service LLC (ALPS)',
'type': 'Long-Term Care Pharmacy'}],
'attack_vector': 'Network Intrusion',
'customer_advisories': ['Review notices from ALPS.',
'Monitor financial accounts and credit reports.',
'Place fraud alerts or credit freezes if necessary.',
'Beware of phishing attempts.'],
'data_breach': {'data_exfiltration': 'Yes (150 GB of Data Stolen)',
'number_of_records_exposed': '5,590',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (PII and PHI)',
'type_of_data_compromised': ['Names',
'Addresses',
'Dates of Birth',
'Social Security Numbers',
"Driver's License/State ID "
'Numbers',
'Medical Records',
'Lab Results',
'Prescribed Medications',
'Treatment Information',
'Health Insurance Claim '
'Information',
'Financial Information (Payment '
'Card Details)']},
'date_detected': '2025-06-26',
'date_publicly_disclosed': '2025-08-12',
'description': 'Assisted Living Pharmacy Service LLC (ALPS), a '
'Wisconsin-based long-term care pharmacy, experienced a data '
'breach affecting at least 5,590 individuals. The Qilin '
'ransomware group claimed responsibility, asserting they '
'obtained 150 GB of organizational data, including PII and '
'PHI. The breach was discovered on June 26, 2025, with '
'unauthorized access occurring between June 25, 2025, and June '
'27, 2025. Exposed data includes names, addresses, Social '
'Security numbers, medical records, financial information, and '
'more.',
'impact': {'brand_reputation_impact': 'Potential Damage (Public Disclosure of '
'Breach)',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)'],
'identity_theft_risk': 'High (SSNs, Financial Data, Medical '
'Records Exposed)',
'legal_liabilities': 'Potential (HIPAA Violation)',
'payment_information_risk': 'High (Payment Card Details Exposed)',
'systems_affected': ['Computer Environment', 'Network']},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (Sample screenshots '
'posted as proof)',
'high_value_targets': ['PII',
'PHI',
'Financial Data']},
'investigation_status': 'Completed (Review finalized on Aug. 8, 2025)',
'motivation': ['Data Theft', 'Extortion', 'Financial Gain'],
'ransomware': {'data_exfiltration': 'Yes (150 GB)',
'ransomware_strain': 'Qilin'},
'recommendations': ['Monitor financial accounts and credit reports for signs '
'of identity theft.',
'Consider placing fraud alerts or credit freezes with '
'major credit bureaus.',
'Be cautious of unsolicited emails or phone calls '
'requesting personal information.'],
'references': [{'source': 'Assisted Living Pharmacy Service LLC (ALPS) - '
'Notice of Data Event',
'url': 'https://alpsrx.com'},
{'date_accessed': '2025-08-12',
'source': 'Qilin Ransomware Group Dark Web Post'},
{'date_accessed': '2025-08-12',
'source': 'U.S. Department of Health and Human Services (HHS) '
'Breach Portal'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA (Potential)'],
'regulatory_notifications': ['U.S. Department of '
'Health and Human '
'Services (HHS)']},
'response': {'communication_strategy': ['State and Federal Disclosures (HHS)',
'Notice of Data Event on Website',
'Mail Notifications to Affected '
'Individuals'],
'containment_measures': 'Network Activity Investigation, '
'Unauthorized Access Termination',
'incident_response_plan_activated': 'Yes (Containment Measures '
'Implemented)'},
'stakeholder_advisories': 'Notice of Data Event published on website; mail '
'notifications to affected individuals.',
'threat_actor': 'Qilin Ransomware Group',
'title': 'Data Breach at Assisted Living Pharmacy Service LLC (ALPS)',
'type': ['Data Breach', 'Ransomware Attack']}