
The ransomware group Money Message has stolen the data of 5.8 million patients. The ransomware gang also breached the servers of Brightspring Health Services.

This week BleepingComputer reported that the Money Message ransomware group had stolen the personal data of 5.8 million patients of the PharMerica pharmacy services provider.

The Louisville, Kentucky-based PharMerica operates in all 50 US states. It has 180 local and 70,000 backup pharmacies, and serves 3,100 medical facilities nationwide.

The breach, which took place on March 12, 2023, resulted in the exfiltration of personal data of 5,815,591 people. The data includes the full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of PharMerica patients.

“Money Message” claims responsibility

The Money Message ransomware gang claimed responsibility for the attack on March 28. The group also claims to have breached BrightSpring, a health service provider that merged with PharMerica in 2019. After a ransom payment was not forthcoming by April 9, the cut-off date for payment, the group dumped all the stolen records on a hacking site.

PharMerica discovered the breach on March 14th, 2023, and its investigation determined on March 21st that client data had been stolen. However, notices of a data breach were sent to impacted individuals only last Friday, May 12th, 2023.

By way of mitigation, PharMerica is offering its customers one year of identity protection and fraud monitoring services through Experian. Affected patients are advised to take up the offer to minimize the risk and impact of malicious attacks.

The data is publicly available

Money Message claimed to have stolen 4.7 TB of data during their attack on PharMerica. The criminals stated that the data trove consisted of at least 1.6 million unique records of personal information.

On April 9th, 2023, the threat actors published the stolen data on their extortion site. Unfortunately, the files are still available for download at this time. Another threat actor has already posted the entire data dump on a clearnet hacking forum. They have broken down the file into 13 parts for easier downloading.

In their breach notification letters to patients, PharMerica apologised. “We value the trust you place in us to protect your privacy, take our responsibility to safeguard your personal information seriously, and deeply regret any inconvenience this incident might cause”, they said.