PharMerica, one of the largest pharmacy service providers in the US, has revealed its IT systems were breached – and it’s feared the intruders stole personal and healthcare data belonging to more than 5.8 million past customers
The cyber heist happened around March 12, when “an unknown third party” gained access to computer systems and may well have grabbed patients’ info including names, dates of birth, Social Security numbers, medication lists and health insurance information, according to a notice on PharMerica’s website.
A sample breach notification letter [PDF] submitted to the Maine Attorney General is addressed to “Administrator/Executor of the Estate of” – meaning at least some of the sensitive information stolen in the breach belonged to people who are dead. This, of course, won’t stop cyber criminals from stealing their identities and using their names and personal identifiers to commit fraud.
PharMerica, which operates more than 180 long-term care and specialty pharmacies in 50 states, said it and parent company BrightSpring Health Services first spotted the suspicious network activity on March 14.
It’s unclear whether BrightSpring patient data was also compromised in the breach, or if the crooks only stole PharMerica’s files. Neither company immediately responded to The Register‘s questions about the incident, but we will update this story if and when we hear back from the organizations.
“Upon discovering the incident, PharMerica promptly began an internal investigation and engaged cybersecurity experts to investigate and secure its computer systems,” the notice said.
“At this point,