Ransomware attack on PharMerica impacts 5.8 million patients

PharMerica, a national pharmacy network, and its parent company BrightSpring Health, a provider of home and community-based health services, reported that they were victom to the Money Message ransomware group. On May 12, PharMerica officially notified the Maine Attorney General's Office about the incident, revealing that a total of 5,815,591 individuals were affected, including 35,068 Maine residents. PharMerica's investigation found suspicious activity on their network, which occurred from March 12 to March 13, contrary to Money Message's claim of an attack on March 28. The compromised information included individuals' names, addresses, dates of birth, Social Security numbers, medications, and health insurance details. Apparently negotiations with the ransomware group took place but reached an impasse, leading Money Message to continue leaking data. It remains unclear whether PharMerica or BrightSpring Health have informed the nearly 6 million affected patients about the data breach and subsequent leaks by criminals since April.