The Information Highway

The Information Highway

Font size: +
2 minutes reading time (349 words)

Ransomware gang steals data of 5.8 million PharMerica patients

Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers.

PharMerica is a pharmacy services provider in 50 U.S. states, operating 180 local and 70,000 backup pharmacies, and serving 3,100 medical facilities nationwide.

According to a data breach notification submitted to the Office of the Maine Attorney General, hackers breached PharMerica's system on March 12th, 2023, stealing the full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people.

The firm discovered the intrusion on March 14th, 2023, and its investigation determined on March 21st that client data had been stolen. However, notices of a data breach were sent to impacted individuals only last Friday, May 12th, 2023.

PharMerica offers one year of identity protection fraud monitoring services through Experian, so affected individuals are recommended to take up the offer to minimize the risk and impact of malicious attacks.

Data leaked by hackers

Although PharMerica does not mention the type of hacking incident, the Money Message ransomware gang claimed the attack on March 28th, 2023, when they began publishing stolen data.

Money Message listing PharMerica as its latest victim Source: BleepingComputer

Along with PharMerica, the threat actors listed BrightSpring, a health service provider that merged with PharMerica in March 2019.

Money Message claimed to have stolen 4.7 TB of data during their attack on PharMerica, stating that it consisted of at least 1.6 million unique records of personal information.

On April 9th, 2023, the timer ran out, and the threat actors published what they claim is all of the stolen data on their extortion site. Unfortunately, the files are still available for download at this time.

To make matters even worse, a threat actor has already posted the entire data dump on a clearnet hacking forum, breaking the file into 13 parts for easier downloading.

Hacker forum user reposting the PharMerica data leak Source: KELA

Money Message is a new ransomware operation that launched around March 2023, gaining media attention for its breach against Taiwanese PC parts maker MSI (Micro-Star International).

WhatsApp now lets you lock chats with a password o...
Hackers use public exploit to attack vulnerable Wo...
 

Comments

No comments made yet. Be the first to submit a comment
Thursday, 14 November 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023