PharMerica Healthcare has disclosed that its systems were breached earlier this year by an unauthorized third party, which resulted in the leak of the personal details of more than 5.8 million deceased people.
PharMerica provides pharmacy services for patients under long-term care, including those in senior living facilities, hospice care, and using behavior health services.
A copy of a letter disclosing the data theft sent by PharMerica and addressed to the “Administrator/Executor of the Estate of…,” explained the cybersecurity incident occurred from March 12-13, and exposed information including the deceased person’s name address, date of birth, Social Security number, medications, and health insurance details.
PharMerica added that it has conducted a review of the incident and has “taken steps to reduce the risk of this type of incident from occurring in the future, including enhancing our technical security measures.”
NextGen Healthcare similarly disclosed a data breach by a third party days before PharMerica. In NextGen’s case, an unauthorized actor accessed a database with information on more than 1 million people.
Seniors Most at Risk
“This is a devastating data breach both in terms of size and the severity of what was leaked,” Paul Bischoff, consumer privacy advocate at Comparitech, said in a statement in reaction to the PharMerica disclosure.
“The Social Security and health insurance information pose the most immediate threat,” Bischoff added. “They could be used for identity theft and medical benefits fraud, respectively.”
Because the victims are passed, relatives aren’t likely to regularly monitor their credit