Alex - stock.adobe.com

PharMerica Notifies 5.8M Individuals of Healthcare Data Breach

National pharmacy network PharMerica disclosed a healthcare data breach that potentially exposed the personal information of millions of individuals, including deceased patients.

Long-term care pharmacy network PharMerica disclosed a breach to the Maine Attorney General’s Office that impacted more than 5.8 million individuals. PharMerica is a Fortune 1000 company headquartered in Louisville, Kentucky and is operated by parent company BrightSpring Health Services.

According to the breach notice, PharMerica learned of suspicious activity within its network on March 14, 2023. Upon discovery, PharMerica launched an investigation that determined that an unknown party had accessed its computer systems between March 12 and 13, 2023 and potentially obtained some personal information.

The information involved in the breach included names, Social Security numbers, addresses, birth dates, medication information, and health insurance information. The notice provided to the Maine Attorney General’s Office was addressed to estate executors, meaning that some portion of the impacted individuals were deceased.

PharMerica encouraged executors to request copies of the deceased individual’s credit report and to place alerts on the file with major credit reporting agencies.

PharMerica said it had “no reason to believe that anyone’s information has been misused for the purpose of committing fraud or identity theft.”

However, a report from DataBreaches.net indicated that the Money Message ransomware group had posted stolen PharMerica data on its leak site.

This story will be updated as more information becomes available.

Next Steps

Dig Deeper on Healthcare data breaches