One of the largest pharmacy service providers in the United States has confirmed that hackers accessed the personal data of nearly six million patients.
PharMerica operates more than 2,500 facilities in the US and offers more than 3,100 pharmacy and health care programs.
In a data breach notification Filing with the Maine attorney general, PharMerica said it learned of suspicious activity on its computer network on March 14. An internal investigation revealed that an “unknown third party” accessed their systems days before and stole the personal information of 5.8 million current and deceased individuals. including 35,000 Maine-based patients.
In a letter sent to affected patients, the Kentucky-based company said hackers obtained patient names, dates of birth, Social Security numbers, medication information and health insurance.
But samples of the leaked data, seen by TechCrunch, suggest the hackers also stole the protected health information of at least 100 patients, including allergy information, Medicare numbers and detailed diagnoses, including details about alcohol, drugs and illnesses related to mental health.
This stolen data was posted on the Money Message ransomware gang’s dark web leak site, a relatively new operation first observed in march, which claimed responsibility for the cyberattack. Money Message claims to have stolen a total of 4.7 terabytes of data from PharMerica and its parent company BrightSpring Health, a provider of home and community health services.
The same ransomware gang claimed responsibility for the cyber attack on Taiwanese hardware manufacturer Micro-Star International, known as M: YESthat compromised a large amount of data, including that of the company code signing private keys.
Neither PharMerica nor BrightSpring Health have confirmed that the nature of the incident was ransomware, and BrightSpring Health spokeswoman Leigh White did not respond to questions from TechCrunch.
in a statement Posted on its website, PharMerica said it is taking additional steps to help reduce the likelihood of a similar event occurring in the future, but did not specify what these steps are.
With nearly six million patients affected, the PharMerica incident is the largest healthcare data breach so far this year. The second largest breach involves Southern California medical firm Regal Medical Group, which confirmed in January that data on more than 3.3 million patients had been accessed.
Telehealth startup Cerebral, which suffered the third-biggest breach, confirmed in march than the private health information, including mental health assessments, of more than 3.1 million patients in the United States with advertisers and social media giants.
—————————————————-
Source link