PharMerica Cyber Incident Exposes 5.8 M People’s Data
Names, Addresses, Dates of Birth, Social Security Numbers and Medications, Among the Exposed Data.
PharMerica, the second largest provider of institutional pharmacy services in the United States, confirmed that it suffered a data breach that exposed the personal information of 5,815,591 people.
The company started sending notices to the impacted individuals on the 12th of May, and it seems that the incident occurred in March 2023.
On March 14, 2023, we learned of suspicious activity on our computer network. Upon discovering the cybersecurity incident, we promptly began an internal investigation and engaged cybersecurity advisors to investigate and secure our computer systems.
What Caused the Data Breach?
According to PharMerica, the incident was caused by a third party that gained access to their systems.
The investigation determined that an unknown third party accessed our computer systems from March 12-13, 2023, and that certain personal information may have been obtained from our systems as a part of the incident.
What Type of Data Was Exposed?
The threat actors managed to access the following type of information:
- Dates of Birth
- Social Security Numbers
- Health Insurance Information
PharMerica warns that some of the exposed data may belong to people who are no longer living. If this is the case, the company suggests that the deceased’s successors or spouse contact the national credit reporting agencies and request a copy of a deceased individual’s credit report as well as one of the following notations:
- Deceased – Do not issue credit; or
- If an application is made for credit, please notify the following person(s): (e.g., list a surviving relative, executor/trustee of the estate, and/or local law enforcement agency – notifying the relationship. (Source)
PharMerica is confident that the stolen data has not been used for fraudulent purposes or identity theft. The incident prompted them to increase their security measures.
The official letter sent to the impacted people and shared with Maine Attorney General’s Office is available here.
Who Is Behind the Attack?
As per Security Affairs, the Money Message ransomware group took credit for the security breach and added PharMerica to its list of victims on its Tor Leak site, although PharMerica has not disclosed any information regarding the incident.
PharMerica has a customer base of 330,000 “beds” across 41 states in the US and generates over $1.9 billion in revenue. The company provides its services to nursing facilities, senior living communities, public health organizations, and post-acute care organizations.
How to Prevent Ransomware?
To improve their cybersecurity posture and prevent attacks such as ransomware, cybersecurity experts recommend:
- Regularly updating software and operating systems – never miss a patch. Companies with hundreds of endpoints could opt for automated patch management solutions.
- Network monitoring – to keep an eye out for large data exfiltration attempts.
- Deploying DNS filtering – as a preventive measure against unauthorized communication with and data exfiltration to C&C servers.
- Implementing a robust anti-ransomware encryption solution – to stop unauthorized encryption attempts.
Other measures, such as: implementing 2FA, limiting user access privileges, and training employees on cybersecurity awareness are also highly recommended. For more information on ransomware prevention, check out this comprehensive article: How to Prevent Ransomware Attacks.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
Do you work for an NHS Trust? Heimdal is giving you free ransomware licenses to combat growing cyber attacks.
Get your free ransomware protection here.