Pharmacy provider PharMerica suffered a data breach on March 12, compromising sensitive data on almost six million patients. The breach was discovered two days later, and after concluding an investigation on March 21, it took the company three weeks to notify affected customers, with emails sent out on May 12. The stolen data included people’s names, postal addresses, birth dates, Social Security Numbers, drugs used or might be using, and health insurance information. The identity of the attackers was not initially revealed, but the Money Message ransomware group began publishing the stolen data on its leak site in late March.