PharMerica data breach exposed 5.8 million customers


PharMerica, one of the largest US-based pharmacy services providers, suffered a ransomware attack that exposed sensitive information of nearly six million Americans.

PharMerica started distributing breach notification letters to millions of affected customers, alerting them to a cyberattack that the company discovered on March 14th, 2023.

“The investigation determined that an unknown third party accessed our computer systems from March 12-13th, 2023, and that certain personal information may have been obtained from our systems as a part of the incident,” PharMerica said in a letter to affected customers.

PharMerica is a major player in the US pharmacy market, serving patients in 50 states and operating over 180 local pharmacies and 70,000 backup pharmacies. With nearly 5,500 employees, it’s the US’s second-largest institutional pharmacy services company, with revenues exceeding $2.1 billion last year.

Post on Money Message's dark web blog. Image by Cybernews.

What data did attackers take from PharMerica?

Information that PharMerica provided to the Maine Attorney General indicates that attackers got their hands on the personal data of over 5.8 million of its customers. PharMerica’s letter to customers explains that attackers accessed its customers’ names, addresses, dates of birth, Social Security numbers (SSNs), medications, and health insurance information.

While the never-ending stream of data breaches can cause fatigue, the dangers of losing one’s own data persist. For example, cybercriminals can use personal information to commit fraud: from identity theft and phishing attacks to opening new credit accounts, making unauthorized purchases, or obtaining loans under false pretenses.

Experts warn that even seemingly insignificant pieces of leaked personal information can be collated to have a devastating impact. Victims whose data has been leaked often don’t realize that they’ve been compromised and therefore take no action to mitigate the outcome.

PharMerica said it would offer affected customers one year of identity protection and fraud monitoring services through a third-party company. Customers who received the notification letter are also advised to stay vigilant against potential attacks.

Who is the Money Message group?

While PharMerica doesn’t specify what type of cyber incident it experienced, it was likely a ransomware attack. Cyber extortion syndicate Money Message has even listed PharMerica on its dark web blog, which the gang uses to showcase its latest victims.

The company, together with another healthcare service provider, was listed on the gang’s website in late March. Several updates on the gang’s post indicate that the crooks decided to leak the stolen data, a total of 4.7 terabytes of sensitive information.

According to researchers at cybersecurity firm Cyble, the Money Message ransomware gang is a relative newcomer to the market, first observed last month. While the gang was only detected this year, it has already targeted several multi-billion-dollar organizations.

One of its more prominent victims is the Taiwanese computer manufacturer Micro-Star International (MSI). Money Message leaked the company’s firmware image signing keys, a crucial component for differentiating between legitimate and malicious updates.