Amerita

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Amerita, a Kansas-based pharmaceutical and infusion product provider, experienced a significant data breach affecting 219,700 patients. This breach was part of a larger cyberattack on PharMerica, a company associated with Amerita, which was reported to the Health and Human Services’ Office for Civil Rights in May 2023 as impacting a total of 5,815,591 individuals[1]. The breach at Amerita was detected due to suspicious activity in its computer systems on March 13, 2023, with a forensic investigation confirming unauthorized access to its network between March 12 and March 13, 2023. During this period, files may have been obtained from its systems. The compromised information included names, addresses, medical histories, diagnoses, medications, and health insurance information, although there was no evidence to suggest that Social Security numbers and driver’s license numbers were compromised[1].

Amerita and PharMerica have since enhanced their technical security measures to prevent future incidents. The nature of the attack was not explicitly stated in Amerita’s notification letters, but it appears to have been a ransomware attack by the Money Message ransomware group, which claimed responsibility for the attack and alleged that 4.7 terabytes of data were stolen[1].

In response to the breach, Amerita has been involved in legal action. A proposed federal class action lawsuit was filed against Amerita in a California federal court, alleging that the company failed to implement or follow reasonable data security procedures, putting patients at risk for identity theft, fraud, and related crimes. The lawsuit also criticized Amerita for the delay in notifying affected individuals, which took nearly six months after the breach was discovered[8].

This incident is part of a larger trend of healthcare data breaches, highlighting the vulnerability of medical information to cyberattacks and the significant impact these incidents can have on patients and healthcare providers alike[9].

Citations:

  1. https://www.hipaajournal.com/amerita-confirms-219700-patients-affected-by-pharmerica-cyberattack/
  2. https://www.kctv5.com/2024/01/04/north-kansas-city-hospital-notifies-patients-possible-data-breach/
  3. https://www.idstrong.com/sentinel/infusion-company-amerita-suffers-a-data-breach/
  4. https://colevannote.com/investigations/
  5. https://4classaction.com/2023/09/20/fbfg-investigating-amerita-data-breach/?utm_campaign=fbfg-investigating-amerita-data-breach&utm_medium=rss&utm_source=rss
  6. https://www.healthcareitnews.com/news/list-biggest-hipaa-data-breaches-2009-2015
  7. https://www.teiss.co.uk/news/us-pharma-company-amerita-said-cyber-attack-impacted-about-220k-patients-12873
  8. https://www.bankinfosecurity.com/infusion-firm-faces-lawsuit-after-hackers-hit-parent-company-a-23188
  9. https://www.hipaajournal.com/september-2023-healthcare-data-breach-report/
  10. https://www.ksn.com/news/local/how-ransomware-attacks-at-wichita-hospitals-threaten-your-privacy-and-health/
  11. https://healthitsecurity.com/topic/latest-health-data-breaches
Breach Submission Date Sep 05, 2023
Converted Entity Name Amerita
Converted Entity Type Healthcare Provider
State KS
Individuals Affected 219,707
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes