article featured image


PharMerica, the second largest provider of institutional pharmacy services in the United States, confirmed that it suffered a data breach that exposed the personal information of 5,815,591 people.

The company started sending notices to the impacted individuals on the 12th of May, and it seems that the incident occurred in March 2023.

On March 14, 2023, we learned of suspicious activity on our computer network. Upon discovering the cybersecurity incident, we promptly began an internal investigation and engaged cybersecurity advisors to investigate and secure our computer systems.


What Caused the Data Breach?

According to PharMerica, the incident was caused by a third party that gained access to their systems.

The investigation determined that an unknown third party accessed our computer systems from March 12-13, 2023, and that certain personal information may have been obtained from our systems as a part of the incident.


What Type of Data Was Exposed?

The threat actors managed to access the following type of information:

  • Names
  • Addresses
  • Dates of Birth
  • Social Security Numbers
  • Medications
  • Health Insurance Information

PharMerica warns that some of the exposed data may belong to people who are no longer living. If this is the case, the company suggests that the deceased’s successors or spouse contact the national credit reporting agencies and request a copy of a deceased individual’s credit report as well as one of the following notations:

  • Deceased – Do not issue credit; or
  • If an application is made for credit, please notify the following person(s): (e.g., list a surviving relative, executor/trustee of the estate, and/or local law enforcement agency – notifying the relationship. (Source)

PharMerica is confident that the stolen data has not been used for fraudulent purposes or identity theft. The incident prompted them to increase their security measures.

The official letter sent to the impacted people and shared with Maine Attorney General’s Office is available here.

Who Is Behind the Attack?

As per Security Affairs, the Money Message ransomware group took credit for the security breach and added PharMerica to its list of victims on its Tor Leak site, although PharMerica has not disclosed any information regarding the incident.

PharMerica Data Breach Ransomware Message


PharMerica has a customer base of 330,000 “beds” across 41 states in the US and generates over $1.9 billion in revenue. The company provides its services to nursing facilities, senior living communities, public health organizations, and post-acute care organizations.

How to Prevent Ransomware?

To improve their cybersecurity posture and prevent attacks such as ransomware, cybersecurity experts recommend:

Other measures, such as: implementing 2FA, limiting user access privileges, and training employees on cybersecurity awareness are also highly recommended. For more information on ransomware prevention, check out this comprehensive article: How to Prevent Ransomware Attacks.

If you liked this article, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Heimdal Official Logo
Neutralize ransomware before it can hit.

Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.
  • Blocks any unauthorized encryption attempts;
  • Detects ransomware regardless of signature;
  • Universal compatibility with any cybersecurity solution;
  • Full audit trail with stunning graphics;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Do you work for an NHS Trust? Heimdal is giving you free ransomware licenses to combat growing cyber attacks.

Get your free ransomware protection here.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

Leave a Reply

Your email address will not be published. Required fields are marked *