One of many largest pharmacy service suppliers in the USA has confirmed that hackers accessed the non-public information of virtually six million sufferers.
PharMerica operates over 2,500 amenities throughout the U.S. and presents greater than 3,100 pharmacy and healthcare applications.
In a knowledge breach notification filed with Maine’s legal professional normal, PharMerica stated it discovered of suspicious exercise on its laptop community on March 14. An inner investigation revealed that an “unknown third celebration” accessed its methods days earlier and stole the non-public data of 5.8 million present and deceased people, together with 35,000 sufferers based mostly in Maine.
In a letter despatched to affected sufferers, the Kentucky-based firm stated hackers obtained sufferers’ names, dates of delivery, Social Safety numbers, remedy and medical health insurance data.
However samples of the leaked information, seen by TechCrunch, recommend the hackers additionally stole the protected well being data of at the very least 100 sufferers, together with allergy data, Medicare numbers and detailed diagnoses, together with particulars about alcohol, drug and psychological health-related sicknesses.
This stolen information was revealed on the darkish net leak website of the Cash Message ransomware gang, a comparatively new operation first noticed in March, which took credit score for the cyberattack. Cash Message claims to have stolen a complete of 4.7 terabytes of knowledge from PharMerica and its guardian firm BrightSpring Well being, a house and community-based well being service supplier.
The identical ransomware gang claimed accountability for the cyberattack on Taiwanese {hardware} maker Micro-Star Worldwide, referred to as MSI, which compromised reams of knowledge, together with firm’s personal code-signing keys.
Neither PharMerica nor BrightSpring Well being has confirmed that the character of the incident was ransomware, and BrightSpring Well being spokesperson Leigh White didn’t reply to TechCrunch’s questions.
In a assertion posted to its web site, PharMerica stated it’s taking further steps to assist scale back the chance of an identical occasion taking place sooner or later, however didn’t specify what these steps are.
With nearly six million sufferers affected, the PharMerica incident is the most important breach of healthcare information thus far this yr. The second largest breach includes Southern California medical agency Regal Medical Group, which confirmed in January that the info of greater than 3.3 million sufferers had been accessed.
Telehealth startup Cerebral, which suffered the third-largest breach, confirmed in March that the personal well being data, together with psychological well being assessments, of greater than 3.1 million sufferers in the USA with advertisers and social media giants.