PharMerica Patients at Risk: Ransomware Attackers Steal Data of 5.8 Million Individuals

IT Services provider PharMerica has recently announced a significant data breach that affected more than 5.8 million patients, compromising their medical information and making it available to hackers.

PharMerica is present in 50 states in the US, operating 180 local and 70,000 backup pharmacies, and catering to 3,100 medical facilities across the country.

As per a data breach notification filed with the Office of the Maine Attorney General, PharMerica’s system was hacked on March 12th, 2023, and hackers stole the complete details of 5,815,591 individuals, including their full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information.

PharMerica discovered the intrusion on March 14th, 2023, and its investigation established on March 21st that hackers had been able to steal client data. However, PharMerica sent out notifications of the data breach only last Friday, May 12th, 2023.

PharMerica is offering one year of identity protection fraud monitoring services to affected individuals through Experian, and it is highly recommended that they take up the offer to minimize the risk of further attacks.

How Were Hackers Able to Steal Patients’ Information in Both the HCA and PharMerica Data Breaches?

In the face of a massive data breach at hca, hackers exploited vulnerabilities within the system, resulting in the theft of patients’ information. Similarly, PharMerica endured a similar fate as hackers targeted their network, compromising patient data. These incidents highlight the pressing need for robust cybersecurity measures to safeguard sensitive information and protect individuals from such malicious activities.

Data Exposed by Hackers

Although PharMerica did not specify the type of hacking incident, the Money Message ransomware gang claimed responsibility for the attack on March 28th, 2023, when they started publishing the stolen data.

Besides PharMerica, the threat actors also listed BrightSpring, a health service provider that merged with PharMerica in March 2019. Money Message claimed to have stolen 4.7 TB of data during their attack on PharMerica, consisting of at least 1.6 million unique records of personal information.

The timer ran out on April 9th, 2023, and the threat actors published what they claim is all of the stolen data on their extortion site. Unfortunately, the files are still available for download at this time.

To make matters worse, a threat actor has already posted the entire data dump on a clearnet hacking forum, breaking the file into 13 parts for easier downloading.

Money Message is a new ransomware operation that gained attention for its attack against Taiwanese PC parts maker MSI (Micro-Star International) in March 2023.