Data Breach

PharMerica data breach impacts more than 5.8 million individuals

National pharmacy network PharMerica discloses a data breach that impacted more than 5.8 million individuals.

National pharmacy network PharMerica disclosed a data breach that exposed the personal information of 5,815,591 individuals. The incident took place in March and the company started notifying the impacted individuals via letter.

The company is the second largest in the institutional pharmacy services market, with revenues of $1.9 billion and a customer base of 330,000 “beds” in 41 U.S. states. PharMerica provides its services to senior living communities, nursing facilities, public health organizations and post-acute care organizations.

“On March 14, 2023, we learned of suspicious activity on our computer network. Upon discovering the cybersecurity incident, we promptly began an internal investigation and engaged cybersecurity advisors to investigate and secure our computer systems.” reads the letter sent to the impacted individuals and shared with the Maine Attorney General’s Office. “The investigation determined that an unknown third party accessed our computer systems from March 12-13, 2023, and that certain personal information may have been obtained from our systems as a part of the incident.”

The company believes that the compromised information has not been misused for fraudulent activities or identity theft.

The security breach occurred between March 12 and March 13, threat actors had access to person’s name, address, date of birth, Social Security number, medications and health insurance information.

In response to the incident, the company enhanced its technical security measures.

The company warns that in some cases, exposed data belong to deceased individuals, for this reason, PharMerica encourages executors or surviving spouses to contact the national credit reporting agencies to request a copy of a deceased individual’s credit report along with making one of the following
notations:

  • “Deceased – Do not issue credit”; or
  • “If an application is made for credit, please notify the following person(s): (e.g., list a surviving
    relative, executor/trustee of the estate, and/or local law enforcement agency – notifying the
    relationship).”

Who is behind the attack?

PharMerica did not provide details about the attack, but the Money Message ransomware group claimed responsibility for the security breach and added the company to the list of victims on its Tor Leak site.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, PharMerica)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Canada ordered ByteDance to shut down TikTok operations over security concerns but did not issue…

5 hours ago

Critical bug in Cisco UWRB access points allows attackers to run commands as root

Cisco fixed a critical flaw in URWB access points, allowing attackers to run root commands,…

7 hours ago

INTERPOL: Operation Synergia II disrupted +22,000 malicious IPs

A global law enforcement operation called Operation Synergia II dismantled over 22,000 malicious IPs linked…

15 hours ago

Memorial Hospital and Manor suffered a ransomware attack

Georgia, a ransomware attack disrupted Memorial Hospital and Manor’s access to its Electronic Health Record…

16 hours ago

South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users

South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users' sensitive data, including…

1 day ago

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

Synology addressed a critical vulnerability in DiskStation and BeePhotos NAS devices that could lead to…

1 day ago

This website uses cookies.