National pharmacy network PharMerica disclosed a data breach that exposed the personal information of 5,815,591 individuals. The incident took place in March and the company started notifying the impacted individuals via letter.
The company is the second largest in the institutional pharmacy services market, with revenues of $1.9 billion and a customer base of 330,000 “beds” in 41 U.S. states. PharMerica provides its services to senior living communities, nursing facilities, public health organizations and post-acute care organizations.
“On March 14, 2023, we learned of suspicious activity on our computer network. Upon discovering the cybersecurity incident, we promptly began an internal investigation and engaged cybersecurity advisors to investigate and secure our computer systems.” reads the letter sent to the impacted individuals and shared with the Maine Attorney General’s Office. “The investigation determined that an unknown third party accessed our computer systems from March 12-13, 2023, and that certain personal information may have been obtained from our systems as a part of the incident.”
The company believes that the compromised information has not been misused for fraudulent activities or identity theft.
The security breach occurred between March 12 and March 13, threat actors had access to person’s name, address, date of birth, Social Security number, medications and health insurance information.
In response to the incident, the company enhanced its technical security measures.
The company warns that in some cases, exposed data belong to deceased individuals, for this reason, PharMerica encourages executors or surviving spouses to contact the national credit reporting agencies to request a copy of a deceased individual’s credit report along with making one of the following
notations:
Who is behind the attack?
PharMerica did not provide details about the attack, but the Money Message ransomware group claimed responsibility for the security breach and added the company to the list of victims on its Tor Leak site.
We are in the final!
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini
Please nominate Security Affairs as your favorite blog.
Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, PharMerica)
Canada ordered ByteDance to shut down TikTok operations over security concerns but did not issue…
Cisco fixed a critical flaw in URWB access points, allowing attackers to run root commands,…
A global law enforcement operation called Operation Synergia II dismantled over 22,000 malicious IPs linked…
Georgia, a ransomware attack disrupted Memorial Hospital and Manor’s access to its Electronic Health Record…
South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users' sensitive data, including…
Synology addressed a critical vulnerability in DiskStation and BeePhotos NAS devices that could lead to…
This website uses cookies.