Big Pharmacy Services Provider Breached

An “unknown third party” hacked into computer systems belonging to PharMerica, a leading U.S. pharmacy service provider, and apparently stole the personal data of nearly six million patients. PharMerica operates about 180 long-term care and specialty pharmacies in 50 states. In a statement, it said its parent company BrightSpring Health Services discovered suspicious network activity on March 14. The statement didn’t explain whether data stored by BrightSpring was compromised in the breach, or only PharMerica’s. “Upon discovering the incident, PharMerica promptly began an internal investigation and engaged cybersecurity experts to investigate and secure its computer systems,” according to the statement. The hackers claim to have health records including Social Security numbers from 400 databases. A ransomware gang called Money Message claimed responsibility and added both PharMerica and BrightSpring to its leak site. PharMerica says it is not aware of any fraud or identity theft so far, but is contacting potential victims to provide information and resources.