Health Services Giant PharMerica Loses Millions of Patient Details in Recent Breach
Table of Contents
- By Steven
- May 22, 2023
PharMerica is a huge service provider that works with many of the pharmacies and medical facilities in the United States today. The company offers its services to more than 2,500 facilities and over 3,100 pharmacies, and providing the data services to all those companies requires storing massive amounts of HIPAA-protected information. Unfortunately, this pharmaceutical services giant suffered a recent data breach compromising data for millions of different patients.
How Did the Attack Occur?
This data attack occurred because the ransomware gang Money Message made a focused effort to break into the company's files and steal protected information. During its attack, the company managed to make away with over 4.7 million terabytes of information for more than 2 million separate patients. It's likely that the gang issued a ransom demand to PharMerica to keep from releasing or misusing the stolen data, but no official word has been released about the details of the ransom.
According to official statements made by the company, the attack went on from March 12 until March 13, 2023, and the company didn't realize there was a breach until March 14, 2023. It wasn't until April that reports went out and that anyone was notified about what happened during this data breach. That's likely because PharMerica had to hire a firm to investigate this breach and what information was spread during it.
What Information Was Viewed or Stolen?
The attack led to private data such as health insurance and medical information being released. Patients also lost their Social Security numbers, birth dates, home addresses, and full names to this attack, along with other miscellaneous details. When misused, this data could lead to major problems with fraud and credit attacks for the patients involved in this breach.
How Did PharMerica Admit to the Breach?
PharMerica released a statement to the Maine Attorney General explaining this breach in detail. The company informed the state about all the Maine citizens impacted by the breach and conveyed the full scope of the attack. Personal notices should be sent to each of the individuals involved in this breach. Notices weren't sent out until investigators were able to confirm that personal data was stolen successfully from millions of patients.
What Will Become of the Stolen Information?
The Attorney General's report states that PharMerica doesn't expect the information to be misused, but that seems unlikely unless the health services company agrees to pay the ransom amount. If the ransom isn't paid, the data will be released online, sold, or used for fraudulent attacks on individuals. It's also likely that the stolen data could be used in phishing attacks.
What Should Affected Parties Do in the Aftermath of the Breach?
If you receive a notice about this breach, your data may have been involved. You should utilize the free credit monitoring protection offered by PharMerica to monitor your information and prevent identity theft from occurring. Watch your credit closely, and you should be able to mitigate any damage that is done to you because of this attack.