Millions of PharMerica customers hit in ransomware attack

Ransomware
(Image credit: Pixabay)

The Money Message ransomware gang has struck again, now leaking terabytes of sensitive data belonging to a major pharmacy provider in the United States. 

PharMerica recently filed a notification with the Office of the Maine Attorney General, noting that it suffered a data breach on March 12, in which sensitive data on almost six million patients were stolen.

The data taken include people’s names, postal addresses, birth dates, Social Security Numbers (SSN), any drugs they used or might be using, and health insurance information. 

PharMerica data leak

PharMerica spotted the attack two days later and concluded its investigation a week later on March 21 when it realized the attackers made off with sensitive company data. 

It took the organization some three weeks to notify its affected customers, as the emails started going out on May 12, which PharMerica offering victims a year of Experian’s identity protection services.

The company did not initially reveal who was behind the attack, or what the threat actors’ goal was, but in late March 2023, the Money Message ransomware group started publishing the data on its leak site. The group says it stole 4.7 terabytes of data, which included 1.6 million unique pieces of personal data. 

Subsequent negotiations with the victims obviously broke down, as in early April the group released everything it had taken. BleepingComputer claims the data is still available for download. The entire database can be found on a clearnet (publicly accessible) hacking forum, split into 13 parts.

Money Message started making a name for itself earlier this year, when it was found targeting large organizations with ransomware and demanding huge payouts (1M+). One of its first victims was an Asian airline with almost a billion dollars in annual revenue.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.