Pharmacy service provider, PharMerica, disclosed a massive data breach affecting more than 5.8 million patients. Hackers broke into the PharMerica systems on March 12, 2023, stealing the full names, addresses, dates of birth, social security numbers, medications, and health insurance information.
PharMerica discovered the intrusion on March 14th, but notices of data breach were only sent to impacted individuals last Friday, that is, on May 12th.
Money Message, a new ransomware that launched around March 2023, claimed responsibility for the breach. They began publishing stolen data on March 28th. Along with PharMerica, they listed BrightSpring, a health service provider that merged with PharMerica in March 2019.
The threat actors claim to have stolen 4.7 TB of data during their attack on PharMerica, consisting of at least 1.6 million unique records of personal information. On April 9th, the timer ran out, and the threat actors published what they claim is all of the stolen data on their extortion site. Unfortunately, the files are still available for download. Moreover, the hackers divided the files into 13 parts for easier downloading, reported BleepingComputer.
PharMerica offers one year of identity protection fraud monitoring services through Experian, and affected individuals are recommended to take up the offer to minimise the risk and impact of malicious attacks.
This is one of the massive breaches that shook the medical world. PharMerica operates in 50 U.S. states, operating 180 local and 70,000 backup pharmacies, and serving 3,100 medical facilities nationwide.
In April this year, Money Message hacked the hardware manufacturing giant, MSI and demanded a ransom of $4 million. In that attack, the hackers stole nearly 1.5TB of data from the company.
In the News: Amazon is working on another Lord of the Rings MMO