Pharmacy provider PharMerica suffered a data breach on March 12, compromising sensitive data on almost six million patients. The breach was discovered two days later, and after concluding an investigation on March 21, it took the company three weeks to notify affected customers, with emails sent out on May 12. The stolen data included people’s names, postal addresses, birth dates, Social Security Numbers, drugs used or might be using, and health insurance information. The identity of the attackers was not initially revealed, but the Money Message ransomware group began publishing the stolen data on its leak site in late March.
The group claims to have stolen 4.7 terabytes of data, which included 1.6 million unique pieces of personal data. While negotiations with the victims broke down, the group released all the data it had taken in early April. The entire database is available on a clearnet hacking forum, split into 13 parts, and can still be downloaded. Money Message started targeting large organizations with ransomware earlier this year, demanding huge payouts, and one of its first victims was an Asian airline with almost a billion dollars in annual revenue. PharMerica is offering victims a year of Experian’s identity protection services.
