HQ/EMEAFind out how we can help your business
PharMerica, a pharmacy services provider, notified its personnel regarding a massive data breach incident against its systems that could have impacted more than five million patients. Reports revealed that the hackers obtained medical data during the breach.
The compromised company currently provides pharmacy services in 50 United States, operating 180 local and 70,000 backup pharmacies. In addition, it provides assistance to over 3,000 facilities in the US.
PharMerica suffered the breach earlier this year.
According to a data breach notification, the attackers infiltrated PharMerica last March. The hackers allegedly harvested nearly six million individuals’ data, such as names, addresses, DoBs, SSNs, medications, and health insurance information.
The company identified the attack on March 14th, and its initial investigation revealed that the client data had been stolen. However, the company only disseminated notification letters to compromised individuals this month.
The PharMerica team offers one year of identity protection and fraud monitoring services. Experts urged these affected patients to take the offer to mitigate the risk and damage the malicious attacks could cause soon.
On the other hand, the Money Message ransomware gang claimed the attack on March 28th, 2023, was significantly older than disseminating the notification letters to the infected individuals. PharMerica did not specify the types of hacking incidents, but the group has already started publishing stolen information.
The alleged attackers have also listed another health service provider other than PharMerica. Interestingly, the second company affected by the attack merged with PharMerica in 2019.
The same hackers claimed to have stolen 4.7 terabytes of data during their attack last March, indicating that it contained at least 1.6 million unique personal data records.
Unfortunately, the exposed files are still available for download today since the time sent by the threat actors expired last April, indicating that the company did not comply with the group’s demands.
Furthermore, a separate threat group had already published the entire data dump on a well-known hacking forum, breaking the stolen file into 13 parts to download the files easily.
PharMerica patients should be vigilant with unwanted communications from now on as the threat actors released data that other threat groups could have used to execute malicious attacks like phishing campaigns.
