National pharmacy network PharMerica has announced that it has suffered a ransomware attack that has disclosed the healthcare and personal information of more than 5 million patients. Threat actors accessed PharMerica’s systems for at least two days and exfiltrated patient data during that time. The stolen data includes patient names, Social Security numbers, health insurance information, prescription details, and personal contact information.
PharMerica is headquartered in Louisville, Kentucky and is operated by parent company BrightSpring Health Services. PharMerica learned of the breach of its network on March 14, 2023, but just started noticing patients this week. A report from DataBreaches.net indicated that the ransomware group known as Money Message had posted stolen PharMerica data on its leak site, meaning that patient data is on the dark web. PharMerica has not addressed this report.
If you received a data breach notification from PharMerica and would like to discuss it with an attorney regarding a potential claim, you can connect with our attorneys at 855-696-0024 or by completing our free, no-obligation case evaluation form. If you suspect that your information was exposed in the PharMerica data breach, Morgan & Morgan is here to help.