Cyberattack shuts down hundreds of Russian pharmacies, disrupts healthcare services

Hundreds of pharmacies across Russia shut down this week after a cyberattack hit two of the country’s largest pharmacy chains, disrupting payments and access to medication reservations for patients.

The Stolichki pharmacy chain, which operates about 1,000 stores across Russia confirmed that a technical failure that halted its operations on Tuesday was caused by a hack. As of Wednesday, Stolichki was still working to fully restore its services, with about half of its stores reopened.

Another major chain, Neofarm, which runs more than 110 pharmacies in Moscow and St. Petersburg, also suspended operations, posting notices at storefronts citing “technical issues.” Online services for both chains, including drug reservations and loyalty programs, were disrupted, and employees were sent home.

Stolichki and Neofarm are part of the same holding company, previously controlled by former State Duma lawmaker Yevgeny Nifantiev. In 2022, after being targeted by Western sanctions over his support for Russia’s invasion of Ukraine, Nifantiev transferred his shares to an investment fund. However, local media reports suggest he may still retain indirect control over the business.

In addition to the pharmacy chains, Moscow’s Family Doctor clinic network also reported a cyber incident this week, which temporarily disabled its patient portal and online appointment system. Staff told the state news agency that patients were now being seen on a walk-in basis. It remains unclear whether the incident is connected to the pharmacy cyberattacks.

Russia’s state internet watchdog, Roskomnadzor, said the disruptions were not caused by distributed denial-of-service (DDoS) attacks but did not elaborate on the method or origin of the hacks.

So far, no group has claimed responsibility for the breaches. Local media reported that many users in darknet forums condemned the targeting of medical services as unethical, suggesting the attacks may have geopolitical motivations.

The incident comes amid a surge in cyberattacks on Russian businesses this month. Earlier this week, a cyberattack on Aeroflot, the country’s largest airline, caused widespread flight delays and cancellations. The pro-Ukrainian hacker group Silent Crow and the Belarusian Cyber Partisans claimed responsibility for that breach, which targeted critical airline infrastructure.

Separately, a ransomware attack this month disrupted operations at Novabev Group, a major Russian alcohol producer, forcing more than 2,000 WineLab liquor stores to shut down for three days. The company said it refused to negotiate with the attackers despite receiving a ransom demand.

On Wednesday, one of St. Petersburg’s largest internet providers experienced a network outage due to a DDoS attack. The company described the incident as “malicious activity” but has not attributed the attack to a specific group.