Main

The site is operated with the financial support of the Ministry of Digital Development, Communications and Mass Media of the Russian Federation.

The information resource uses recommendation technologies. More detailed

Registered by the Federal Service for Supervision of Communications, Information Technology and Mass Communications. Certificates of registration Certificate of registration: EL № FS 77 - 76208 dated July 8, 2019, Certificate of registration: EL № FS 77 - 72003 dated December 26, 2017.

All rights reserved © «MIC «Izvestia» LLC, 2026.

Advertisement
Live broadcast

Glitch attack: pharmacies could lose hundreds of millions of rubles due to hackers

In addition to Stolichka and Neopharm networks, Russian Post, Family Doctor, and Alex-fitness fitness clubs experienced system failures.
Photo: IZVESTIA/Alexey Maishev
Main slide
Beginning of the article
Озвучить текст
Select important
On
Off

In just one day, failures in the systems of the Stolichka and Neopharm pharmacy chains could have lost tens or even hundreds of millions of rubles in lost revenue, pharmaceutical market experts told Izvestia. The reason for the failure was hacker attacks, the Stolichki network said. However, Roskomnadzor did not detect any signs of a DDoS attack. On July 29, some medical institutions, as well as networks of popular fitness clubs, were subjected to a large-scale hacker attack. Users of the Russian Post also reported failures, but the company noted that the company was operating normally. What happened to these institutions and what consequences there may be for them is in the Izvestia article.

What happened to pharmacies

Most of the Stolichka and Neopharm pharmacies suspended operations on July 29, and some even on the 28th. Messages appeared on the doors: "The pharmacy is not working for technical reasons." The cash registers and accounting systems did not work, and pharmacy staff were sent on vacation.

"We have encountered a serious technical glitch due to a hacker attack, as a result of which the pharmacies were disrupted," reported the Telegram channel of Stolichka pharmacies. — Our team of specialists is working to restore the services. We apologize for any inconvenience caused."

The Neopharm Group of companies has about 1.6 thousand pharmacies in 80 cities of the Central and Northwestern Federal Districts. The website says that most of the outlets are located in Moscow and the Moscow region, St. Petersburg, Tula, Kostroma and Vladimir.

On the afternoon of July 29, identical announcements were published on the resources of both companies stating that booking drugs was unavailable, as well as viewing data on the loyalty program. They also promised that all unavailable functions will be restored soon.

As follows from the data of the Downdetector website, problems with Stolichka pharmacies began on Monday, July 28. One by one, users of the site began to complain about malfunctions, the highest level was recorded on July 29 from 13:00 to 15:00. The most frequent comments: "Why aren't Stolichki pharmacies working?", "It's impossible to place an order," "Online booking is not working." And in less than a day, there were almost six hundred complaints. Users suggested that a hacker attack had been carried out on pharmacies.

Downdetector did not register any complaints about the operation of the Neopharm network.

Problems with the digital security of pharmacies began on the same day that the Aeroflot airline was attacked by hackers — on Monday, July 28. Then, due to a technical glitch on the company's server, more than 150 flights in dozens of cities were postponed or completely canceled.

In Roskomnadzor, Izvestia was informed that the Center for Monitoring and Management of the Public Communications Network (CMU SSOP) recorded a malfunction in the operation of the Stolichka, Neopharm pharmacy chains, as well as the Family Doctor clinic.

"No signs of a DDoS attack have been detected, and the causes of the incident are being investigated," the department said.

Neopharm Group has sent a notification about this incident to Roskomnadzor.

"We are analyzing the data obtained in cooperation with the company," the agency's press service told Izvestia. Other organizations have not informed him about such situations yet.

Mail, Fitness, and Family Doctor

The failure affected not only pharmacies, but also some medical institutions. So, on July 29, the hacker attack was reported by the Moscow network of clinics "Family Doctor" (LLC "Family Doctor Medical Clinic", "Alpha Insurance Medicine"). For technical reasons, the patient's personal account and online recording service temporarily stopped working there. Doctors made appointments on a first-come, first-served basis.

"At the moment, the attack has been neutralized, the data leak has not been confirmed,— the company said. — The Family Doctor Clinic continues to receive patients. Critical services are gradually returning to normal operation."

Some users mistakenly attributed this message to another organization with a similar name, Family Doctor JSC, but they asked them not to be confused with other companies.

"Dear patients! JSC "Family Doctor" is operating normally. Information about the hacker attack, disseminated in a number of media outlets, is not related to us. The patients' data is safe," the organization's website said.

At about 17:00, Russian Post users started complaining about problems with the website and the mobile application. According to the Downdetector website, more than 500 complaints were received during the day, the geography of the failure covered Moscow and the Moscow, Tver, Kaliningrad, Samara regions, as well as Karelia and St. Petersburg.

"Put aside the panic — all Mail resources are functioning normally! The website, the mobile application — everything is reliable, secure, under control," the Russian Post reported in its Telegram channel.

Later, users also began to report that the state-owned company's website, albeit slowly, began to open.

In the evening of the same day, a massive failure was recorded in the systems of two fitness networks - A—fitness and Alex-fitness in St. Petersburg, a source told Izvestia. The mobile application stopped working, and visitors had problems visiting clubs due to the inability to verify.

What are the possible consequences for pharmacies?

The economic and reputational losses suffered by Stolichka and Neopharm pharmacy chains due to hacker attacks are likely to be minimal, said Sergey Shulyak, director of the DSM Group analytical company.

"The market is currently off—season for drug sales, so the losses won't be too big," he explained. — We also expect that companies of this level have a strong enough infrastructure that will allow them to recover quickly. There will be no consequences for reputation, because consumers have a certain attachment to pharmacy chains and hacker attacks will not affect it.

During a hacker attack, pharmacy security services usually block all server gateways and network entrances, which are usually used to make online orders, sell medicines, and exchange the internal network with external sources, said Sergey Shulyak. That is why pharmacies and their websites had to suspend their work. It may take from one to two days to eliminate the consequences of such an attack, the expert believes.

— I think that the security system of the pharmacy network of the Neopharm group of companies is at a high level, — said the expert. — Even if some servers have been re-encrypted, everything will be restored in a fairly short period of time.

According to Sergey Shulyak, other pharmacy chains have faced similar hacker threats, and two months ago there was a powerful DDoS attack on the DSM Group company, which analyzes the Russian pharmaceutical market, of which he is the director.

— There are many enemies, many companies periodically face DDoS attacks, attempts to break through the protection, — said the specialist. — Since Neopharm is a retail company, it is immediately noticeable to many. When non-public companies are attacked, it is not so noticeable.

Nikolay Bespalov, Director of Development at RNC Pharma, an analytical company, recalled that as of April 1, 2025, Neopharm has 1,623 points of sale.

— And their share in the market as a whole for medicines is about 5%, — he said. — It is difficult to estimate the scale of economic losses so far, because not all the network infrastructure has been affected. But losses can be very sensitive.

According to him, Neopharm's daily revenue averaged 305 million rubles, respectively, this is the maximum amount of losses in one day.

— But the real volume of losses is most likely many times less due to the fact that not the entire network has stopped working, — the expert added.

In any case, Neopharm's losses may amount to hundreds of millions of rubles, the expert noted. At the same time, according to him, the network is unlikely to have any serious consequences for its reputation.

"We have a lot of market participants from different industries facing such attacks," he stressed. — In the professional environment, everyone understands that this is an extraordinary event. I think consumers will also be sympathetic to this problem.

A test of strength

Attacks similar to those experienced by Stolichka and Neopharm pharmacy chains occur almost daily, and this intensity has been observed for more than three years, Igor Biryukov, General Director of Infera Security and ambassador of the Cyberdom Business club, told Izvestia.

— Disruption of information systems is often done by hacker groups to create information pipelines, which we observe, — said the expert. — The owners bear the cost of restoring performance and reputation, but not paying hackers for the purchase of data. Based on this, I can assume that these are hacktivists controlled by special services of unfriendly countries.

Today's simultaneous attacks on different pharmacy chains and the simultaneous publication of these facts suggest that hackers could have been embedded in these and other infrastructures long ago, disrupting their performance, concluded Igor Biryukov.

Pharmacies and clinics are an attractive target for hackers, said Sergey Voldokhin, CEO of Start X and a resident of the Cyberdom Business Club.

"There is a lot of sensitive data and serious consequences of hacking: financial losses, leakage of patient data and disruption of access to medicines," he said.

Attacks on companies that work directly with people most often have two goals: to cause serious financial damage and create a loud media response, added Anton Antropov, technical director of IT TASK.

"In the B2C segment, such incidents are especially painful, service disruptions are immediately noticeable to users and quickly become public knowledge, enhancing the effect of the attack," the expert said. — Usually, attackers start by invading the infrastructure unnoticeably and gaining a foothold in it. Then they study the internal systems and build an action plan.

If the attackers manage to remain unnoticed for a long time, the attack is carried out at the moment when it will be most painful for the business, Anton Antropov explained. Even one day of downtime for a large company results in significant losses.

For such an attack, one inconspicuous gap in the defense is enough. And this applies not only to individual industries — everyone is being tested for strength, the expert noted.

Переведено сервисом «Яндекс Переводчик»

Subscribe and get the news first
Menu
Advertisement
RSS

Copyright for the iz.ru portal content visualisation system, as well as for the source data, including texts, photos, audio and video materials, graphic images, other works and trademarks, belongs to "MIC Izvestia" LLC

Partial quotation is possible only with a hyperlink to en.iz.ru

The site is operated with the financial support of the Ministry of Digital Development, Communications and Mass Media of the Russian Federation.

The advertiser is responsible for the content of any advertising materials posted on the portal.

The information resource uses recommendation technologies. More detailed

The news, analytics, forecasts and other materials presented on this website do not constitute an offer or recommendation to buy or sell any assets.

Registered by the Federal Service for Supervision of Communications, Information Technology and Mass Communications. Certificates of registration Certificate of registration: EL № FS 77 - 76208 dated July 8, 2019. , Certificate of registration: EL № FS 77 - 72003 dated December 26, 2017.

All rights reserved © «MIC «Izvestia» LLC, 2026

Live broadcast