5.8 Million PharMerica Patients' Data, Including SSN and Medical Info, Feared Stolen

PharMerica, one of the largest pharmacy service providers in the United States, recently announced that hackers had gained access to approximately six million patients’ personal data.

While the investigation is ongoing, a ransomware group known as Money Message has claimed responsibility for the data breach.

Largest Data Breach Involving Healthcare This Year

In a startling revelation, PharMerica, which operates more than 2,500 facilities across the U.S. and offers more than 3,100 pharmacy and healthcare programs, has announced that the personal data of approximately six million patients may have been stolen.

The incident is the biggest compromise of healthcare data this year.

Regal Medical Group, a medical facility in Southern California, acknowledged in January that the data of more than 3.3 million patients had been accessed, making it the second-largest data breach in the United States this year.

The breach has sent shockwaves through the healthcare industry, raising concerns about the security of sensitive patient information and potential ramifications for the affected individuals.

According to a notice on PharMerica’s website, the cyber heist occurred around March 12 when “an unknown third party” gained access to computer systems and may have taken patients’ information.

The forensics revealed that hackers stole patient data by accessing the provider’s systems for two days.

Patient names, contact details, Social Security numbers, medication information, and health insurance details were among the stolen data.

However, samples of the exposed data indicate that the hackers may have also taken at least 100 patients’ protected health information.

This includes their Medicare numbers, allergy information, and a thorough diagnosis, including information about their disorders related to alcohol, drugs, and mental health.

A sample breach notification letter [PDF], filed with the Maine Attorney General, is addressed to the “Administrator/Executor of the Estate,” – indicating that at least some of the private data obtained in the hack belonged to deceased people.

Of course, this won’t stop internet criminals from exploiting their identities to commit fraud.

PharMerica and its parent company, BrightSpring Health Services, claimed to have discovered the unusual network activity on March 14.

However, the healthcare company has already initiated an extensive investigation into the breach, working with cybersecurity experts and law enforcement to identify the extent of the data theft and vulnerabilities.

In a statement published on its website, the pharmacy company assured victims that it is taking additional precautions to prevent a similar breach from occurring again, but it did not specify what those precautions are.

Ransomware Group Claims Responsibility

In another development, a ransomware group called Money Message has claimed responsibility for the hack.

The Money Message ransomware gang, a relatively new operation first noticed in March 2023, posted this stolen information on the gang’s dark web leak website.

According to Money Message, PharMerica and its parent business, BrightSpring Health, had 4.7 gigabytes of data extracted from them.

Aside from this, the cyberattack against Taiwanese hardware manufacturer Micro-Star International, also known as MSI, in which vast amounts of data, including the business’s confidential code-signing keys, were compromised, was attributed to the same ransomware gang.

However, neither BrightSpring Health nor PharMerica has confirmed whether the incident involved ransomware.

For the millions of patients whose data may have been compromised, the breach poses significant risks to their personal and financial well-being.

With access to this information, cybercriminals can perpetrate identity theft, fraudulently obtain medical services, or even sell the data on the dark web.

The fallout from such incidents can be devastating, leading to financial ruin, compromised medical records, and a loss of trust in healthcare institutions.

The incident at PharMerica serves as a wake-up call for the entire healthcare industry.

With the increasing reliance on digital systems and the accumulation of vast amounts of patient data, the vulnerability to cyberattacks is higher than ever.

Healthcare organizations must prioritize data security and invest in a robust cybersecurity infrastructure to safeguard patient information.

Nevertheless, the legal teams are hovering overhead, and it is likely that a new action lawsuit will be filed in response to the breach.

What's the Best Crypto to Buy Now?

  • B2C Listed the Top Rated Cryptocurrencies for 2023
  • Get Early Access to Presales & Private Sales
  • KYC Verified & Audited, Public Teams
  • Most Voted for Tokens on CoinSniper
  • Upcoming Listings on Exchanges, NFT Drops