PharMerica Corporation

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

PharMerica Corporation, a national pharmacy based in Louisville, Kentucky, experienced a data breach where an unknown third party accessed its computer systems on March 12-13, 2023. The breach potentially exposed personal and limited medical information, including names, dates of birth, Social Security numbers, medication lists, and health insurance information. PharMerica began notifying potentially affected individuals on March 21, 2023, and is providing complimentary identity protection and credit monitoring services to those affected. The company has also recommended that individuals regularly monitor their credit reports and account statements for any suspicious activity[1].

The breach was first reported by the Money Message ransomware group, which claimed responsibility and threatened to release the stolen data if their demands were not met. The group claimed to have obtained 4.7 terabytes of data, including sensitive patient information[3][7][12]. PharMerica has not publicly acknowledged the breach on its website or through a press release, but it is likely that the company is investigating the incident[3].

PharMerica is a provider of pharmacy services to over 3,100 medical facilities nationwide and operates 180 pharmacies across all 50 states. The company is owned by BrightSpring Health Services and employs more than 10,000 people, generating approximately $3.6 billion in annual revenue[3].

The breach may be one of the largest health data breaches of the first quarter of 2023, potentially affecting the largest number of individuals and their descendants[5]. The company has faced criticism for the delay in notifying affected individuals and state attorneys general, and there is an ongoing investigation into whether PharMerica and BrightSpring Health Services failed to take reasonable measures to protect patient data[11][13].

PharMerica has taken steps to secure its systems and is working with cybersecurity experts to prevent future incidents. The company has also set up a confidential, toll-free inquiry line for individuals seeking additional information about the breach[1][9].

Citations:

  1. https://pharmerica.com/data-privacy-incident/
  2. https://www.amerisourcebergen.com/careers-home
  3. https://www.jdsupra.com/legalnews/reports-of-data-breach-at-pharmerica-1274158/
  4. https://pharmerica.com
  5. https://www.healthcareitnews.com/news/pharmerica-announces-health-data-breach-possibly-largest-q1-2023
  6. https://pharmerica.com/news/
  7. https://healthitsecurity.com/news/pharmerica-notifies-5.8m-individuals-of-healthcare-data-breach
  8. https://homehealthcarenews.com/2019/03/brightspring-pharmerica-merge-in-1-32-billion-deal/
  9. https://www.businesswire.com/news/home/20230515005817/en/PharMerica-Notified-Individuals-of-Privacy-Incident
  10. https://finance.yahoo.com/news/pharmerica-corporation-pmc-shares-surge-194550798.html
  11. https://www.classaction.org/pharmerica-data-breach-lawsuit
  12. https://cybersecuritynews.com/pharmerica-hacked/
  13. https://www.justice4you.com/blog/pharmerica-patient-data-breach.html
  14. https://www.bankinfosecurity.com/pharmerica-reports-breach-affecting-nearly-6m-a-22073
Breach Submission Date May 12, 2023
Converted Entity Name PharMerica Corporation
Converted Entity Type Healthcare Provider
State KY
Individuals Affected 5,815,591
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes