San Francisco, May 17 PharMerica, a leading pharmacy service provider in the US, which operates in more than 2,500 facilities across the country and offers over 3,100 pharmacy and healthcare programmes, has disclosed a data breach that compromised the personal information of nearly six million patients.
PharMerica stated in a data breach notification filed with Maine's Attorney General that it discovered suspicious activity on its computer network on March 14, reports TechCrunch.
After an internal investigation, it was discovered that an unauthorised third party had recently breached the systems, compromising the personal information of 5.8 million individuals, both current and deceased, including 35,000 patients based in Maine.
According to a letter sent to affected patients, hackers obtained patients' names, dates of birth, Social Security numbers, medication, and health insurance information.
However, the report said that the hackers also stole the protected health information of at least 100 patients, including allergy information, Medicare numbers and detailed diagnoses, including details about alcohol, drug and mental health-related illnesses.
The stolen data was published on the dark web leak site of the Money Message ransomware gang, which claims to have stolen a total of 4.7 terabytes of data from PharMerica and its parent company BrightSpring Health (a home and community-based health service provider).
However, neither PharMerica nor BrightSpring Health has confirmed that the nature of the incident was ransomware, the report mentioned.
In March, telehealth startup Cerebral, which suffered the third-largest breach, disclosed that it shared the private health information, including mental health assessments, of more than 3.1 million patients in the country with advertisers and social media giants like Facebook, Google and TikTok.
In a filing with the federal government, the company disclosed that they shared the personal and health information of patients who used the app to find therapy.
shs/vd
Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor