PharMerica breach exposes data of 5.8 million customers

PharMerica, which serves patients in 50 states and operates over 180 local pharmacies and 70,000 backup pharmacies, is the second largest pharmacy services provider in the USA.

 Game, Dice

PharMerica disclosed that it suffered a cyberattack, exposing the sensitive information of over 5.8 million of its customers.

In a letter to the affected customers, PharMerica stated that it discovered the breach on 14 March 2023. The letter mentioned that ‘The investigation determined that an unknown third party accessed our computer systems from March 12-13th, 2023, and that certain personal information may have been obtained from our systems as a part of the incident’.

The letter also noted that the attackers gained access to customer names, addresses, dates of birth, Social Security numbers (SSNs), medications, and health insurance information. PharMerica assured the affected customers they will be provided a year of identity protection and fraud monitoring services through a third-party company. The affected customers were advised to stay vigilant against potential attacks.

While the company has not specified the type of cyberattack, it is believed to be a ransomware attack. Ransomware syndicate Money Message listed PharMerica as their latest victim on their dark web blog in late March, along with another healthcare provider. Several blog updates indicate that the gang has leaked the stolen 4.7 terabytes of sensitive information.

money message post
PharMerica breach exposes data of 5.8 million customers 2

Post on Money Message’s dark web blog. Source: CyberNews