Ransomware gang steals data of 5.8 million PharMerica patients

 May 15, 2023

 

Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers.

PharMerica is a pharmacy services provider in 50 U.S. states, operating 180 local and 70,000 backup pharmacies, and serving 3,100 medical facilities nationwide.

According to a data breach notification submitted to the Office of the Maine Attorney General, hackers breached PharMerica’s system on March 12th, 2023, stealing the full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people.

The firm discovered the intrusion on March 14th, 2023, and its investigation determined on March 21st that client data had been stolen. However, notices of a data breach were sent to impacted individuals only last Friday, May 12th, 2023.

PharMerica offers one year of identity protection fraud monitoring services through Experian, so affected individuals are recommended to take up the offer to minimize the risk and impact of malicious attacks.

Data leaked by hackers

Although PharMerica does not mention the type of hacking incident, the Money Message ransomware gang claimed the attack on March 28th, 2023, when they began publishing stolen data.

Money Message listing PharMerica as its latest victim
Money Message listing PharMerica as its latest victim 
Source: BleepingComputer

Along with PharMerica, the threat actors listed BrightSpring, a health service provider that merged with PharMerica in March 2019.

Money Message claimed to have stolen 4.7 TB of data during their attack on PharMerica, stating that it consisted of at least 1.6 million unique records of personal information.

On April 9th, 2023, the timer ran out, and the threat actors published what they claim is all of the stolen data on their extortion site. Unfortunately, the files are still available for download at this time.

To make matters even worse, a threat actor has already posted the entire data dump on a clearnet hacking forum, breaking the file into 13 parts for easier downloading.

Forum user reposting the PharMerica data leak
Hacker forum user reposting the PharMerica data leak
Source: KELA

Money Message is a new ransomware operation that launched around March 2023, gaining media attention for its breach against Taiwanese PC parts maker MSI (Micro-Star International).

Source: https://www.bleepingcomputer.com/news/security/ransomware-gang-steals-data-of-58-million-pharmerica-patients/

- Any text modified or added by CorruptionLedger is highlighted in blue.

- [...] These characters indicate content was shortened. This is used for removing unnecessary/flowery language. Example: The oppressive government imposed a curfew becomes: The [...] government imposed a curfew.