PharMerica has disclosed a data breach that compromised the personal information of nearly six million patients.
PharMerica stated in a data breach notification filed with Maine’s Attorney General that it discovered suspicious activity on its computer network on March 14, reports TechCrunch.
After an internal investigation, it was discovered that an unauthorized third party had recently breached the systems, compromising the personal information of 5.8 million individuals, both current and deceased, including 35,000 patients based in Maine.
According to a letter sent to affected patients, hackers obtained patients’ names, dates of birth, Social Security numbers, medication, and health insurance information.
However, the report said that the hackers also stole the protected health information of at least 100 patients, including allergy information, Medicare numbers, and detailed diagnoses, including details about alcohol, drug, and mental health-related illnesses.
The stolen data was published on the dark web leak site of the Money Message ransomware gang, which claims to have stolen a total of 4.7 terabytes of data from PharMerica and its parent company BrightSpring Health (a home and community-based health service provider).
However, neither PharMerica nor BrightSpring Health has confirmed that the nature of the incident was ransomware, the report mentioned.
In a filing with the federal government, the company disclosed that they shared the personal and health information of patients who used the app to find therapy
