On April 8, 2023, reports of a PharMerica Corporation data breach began to surface after the Money Message ransomware group added PharMerica to its list of victims. Because news of the PharMerica breach is brand new, little is known about the incident aside from what the hackers have claimed. However, undoubtedly PharMerica is aware of the incident and actively conducting an investigation. If the company’s investigation confirms that consumer data was leaked, PharMerica will begin to send out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you receive a data breach notification from PharMerica or its parent company BrightSpring Health Services, it is essential you understand what is at risk and what you can do about it. Data breaches like this one put the confidential information of patients into the hands of hackers who can then use the information to commit a wide range of identity theft and other frauds. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of a PharMerica data breach, please see our recent piece on the topic here.
What We Know So Far About the Possible PharMerica Breach
News of the PharMerica data breach is still fresh; however, what we know at this point comes from a databreaches.net report. According to this source, on April 8, 2023, the ransomware group Money Message added PharMerica to the list of victims on the group’s leak site. Evidently, Money Message claimed that the breach occurred on March 28. 2023.
As proof of the recent cyberattack, Money Message included samples of the stolen data, which included patients’ names, Social Security numbers, dates of birth, Medicaid numbers, Medicare numbers, allergies, and other health conditions.
Databreaches.net confirmed that several of the Social Security numbers posted on the Money Message site were valid and seemed to belong to actual people. Thus, it appears that the hackers’ reports could be true.
PharMerica has yet to publicly acknowledge the breach, as there is no notice posted on its website, and the company doesn’t appear to have issued any press release about the incident. However, given that the company’s in the news, it’s likely that PharMerica is currently investigating the nature and scope of the breach in hopes of learning what data was leaked and who it belonged to.
Once PharMerica completes its investigation, it will send out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About PharMerica Corporation
PharMerica Corporation is a national pharmacy based out of Louisville, Kentucky. The company serves patients of more than 3,100 long-term care, senior living, behavioral health, home infusion, specialty pharmacy, and hospital management programs. In total, PharMerica operates 180 pharmacies located in all 50 states. PharMerica is owned by BrightSpring Health Services, a healthcare services company also based in Louisville, Kentucky. PharMerica employs more than 10,000 people and generates approximately $3.6 billion in annual revenue.
