PharMerica Corporation
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
PharMerica Corporation, a national pharmacy based in Louisville, Kentucky, experienced a data breach where an unknown third party accessed its computer systems on March 12-13, 2023. The breach potentially exposed personal and limited medical information, including names, dates of birth, Social Security numbers, medication lists, and health insurance information. PharMerica began notifying potentially affected individuals on March 21, 2023, and is providing complimentary identity protection and credit monitoring services to those affected. The company has also recommended that individuals regularly monitor their credit reports and account statements for any suspicious activity[1].
The breach was first reported by the Money Message ransomware group, which claimed responsibility and threatened to release the stolen data if their demands were not met. The group claimed to have obtained 4.7 terabytes of data, including sensitive patient information[3][7][12]. PharMerica has not publicly acknowledged the breach on its website or through a press release, but it is likely that the company is investigating the incident[3].
PharMerica is a provider of pharmacy services to over 3,100 medical facilities nationwide and operates 180 pharmacies across all 50 states. The company is owned by BrightSpring Health Services and employs more than 10,000 people, generating approximately $3.6 billion in annual revenue[3].
The breach may be one of the largest health data breaches of the first quarter of 2023, potentially affecting the largest number of individuals and their descendants[5]. The company has faced criticism for the delay in notifying affected individuals and state attorneys general, and there is an ongoing investigation into whether PharMerica and BrightSpring Health Services failed to take reasonable measures to protect patient data[11][13].
PharMerica has taken steps to secure its systems and is working with cybersecurity experts to prevent future incidents. The company has also set up a confidential, toll-free inquiry line for individuals seeking additional information about the breach[1][9].
Citations:
- https://pharmerica.com/data-privacy-incident/
- https://www.amerisourcebergen.com/careers-home
- https://www.jdsupra.com/legalnews/reports-of-data-breach-at-pharmerica-1274158/
- https://pharmerica.com
- https://www.healthcareitnews.com/news/pharmerica-announces-health-data-breach-possibly-largest-q1-2023
- https://pharmerica.com/news/
- https://healthitsecurity.com/news/pharmerica-notifies-5.8m-individuals-of-healthcare-data-breach
- https://homehealthcarenews.com/2019/03/brightspring-pharmerica-merge-in-1-32-billion-deal/
- https://www.businesswire.com/news/home/20230515005817/en/PharMerica-Notified-Individuals-of-Privacy-Incident
- https://finance.yahoo.com/news/pharmerica-corporation-pmc-shares-surge-194550798.html
- https://www.classaction.org/pharmerica-data-breach-lawsuit
- https://cybersecuritynews.com/pharmerica-hacked/
- https://www.justice4you.com/blog/pharmerica-patient-data-breach.html
- https://www.bankinfosecurity.com/pharmerica-reports-breach-affecting-nearly-6m-a-22073