One of the largest US pharmacy suppliers, PharMerica, has confirmed that Money Message hackers have accessed the personal information of nearly six million patients. Among the stolen data were both general information and medical data.
In a data breach notice filed with the Maine Attorney General, PharMerica said it learned on March 14 of suspicious activity on its computer network. An internal investigation found that “unknown third partyhad gained access to its systems days earlier and stole the personal data of 5.8 million patients. In a letter to affected customers, the company said the hackers obtained patient names, dates of birth, social security numbers, a medication list, and health insurance information. However, samples of the leaked data confirm that the hackers also stole proprietary health information from at least 100 patients, including allergy information, health insurance numbers, and detailed diagnoses including alcohol, drug use, and mental illness.
The stolen data was published on the website of the Money Message hacker group, which launched an attack on computer components manufacturer MSI in March. The hacking team claims to have stolen a total of 4.7 TB of data from PharMerica and its parent company BrightSpring Health, a home healthcare provider. In a statement posted on PharMerica’s website, the company said it was taking additional steps to reduce the likelihood of a similar event occurring in the future, but did not specify what those steps would be.
The PharMerica incident, which affected nearly six million patients, was the largest patient data breach this year. The second biggest crime involves Southern California-based medical company Regal Medical Group, which confirmed in January that more than 3.3 million patient records had been accessed.