Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers.
According to a data breach notification submitted to the Office of the Maine Attorney General, hackers breached PharMerica’s system on March 12th, 2023, stealing the full names, addresses, dates of birth, social security numbers, medications, and health insurance information of 5,815,591 people.
The firm discovered the intrusion on March 14th, 2023, and its investigation determined on March 21st that client data had been stolen.
Although PharMerica does not mention the type of hacking incident, the Money Message ransomware gang claimed the attack on March 28th, 2023, when they began publishing stolen data.
Along with PharMerica, the threat actors listed BrightSpring, a health service provider that merged with PharMerica in March 2019.
Money Message claimed to have stolen 4.7 TB of data during their attack on PharMerica, stating that it consisted of at least 1.6 million unique records of personal information.