Fraud Management & Cybercrime , Ransomware

PharMerica Reports Breach Affecting Nearly 6 Million People

Money Message Ransomware Group Threatens to Release 1.6 Million Records
PharMerica Reports Breach Affecting Nearly 6 Million People
Image: Shutterstock

Institutional pharmacy PharMerica said the personal data of nearly 6 million current and deceased patients was caught up in a March hacking incident.

See Also: OnDemand | Hacker’s Guide to Ransomware Mitigation and Recovery

In letters sent to 5.8 million individuals, the Kentucky company said hackers obtained names, birthdates and Social Security numbers as well as medications and health insurance information.

The Money Message ransomware group claimed to be the attacker, posting on its dark web leak site multiple spreadsheets the group said contain patient data. It also posted apparent internal business documents including market models and balance sheets.

A 4.7-terabyte database "with 1.6M minimum records of personal data" will "be revealed soon," the group said. The hacking incident would be the largest so far reported this year to federal regulators.

The company's last available quarterly report from 2017, filed shortly after private equity firm KKR bought it for $1.4 billion, described it as the second-largest institutional pharmacy services company in the U.S. based on revenue and customer-licensed beds. KKR has since merged PharMerica with BrightSpring Health Services to form a corporation with approximately $4.5 billion in annual revenue.

PharMerica is telling patients it spotted suspicious network activity on March 14 and that hackers were able to access its systems for two days prior to that.

It is unclear what the ransom demand was and how many databases were accessed by the threat actors. A Money Market spokesperson told databreaches.net that there had been some negotiations, but the sides reached an impasse.

The Money Message ransomware group's activity is fairly new. Researchers from Cyble said it first became apparent in March. The group in April claimed responsibility for an attack against the Taiwanese PC giant Micro-Star International and demanded a $4 million ransom (see: Hackers Leak Private Keys; Many MSI Products at Risk).


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.