PharMerica Ransomware Attack Results in Data Breach — Shub & Johns Investigates

Shub & Johns LLC is investigating a potential class action lawsuit against PharmMerica Corporation for its apparent failure to safeguard sensitive patient information entrusted to it. PharMerica, a Kentucky-based national pharmacy that serves patients at over 3,000 health and care facilities, announced that it had discovered a ransomware attack on its servers occurring on March 12, 2023. A ransomware group known as “Money Message” reportedly added PharMerica to its list of ransomware victims found on the group’s leak webpage. Private data such as Personal Identification Information (“PII”) and Patient Health Information (“PHI”) is considered to be involved in the leak. According to PharMerica the data security breach lasted from March 12th through the 13th, and impacted over five million individuals. This information may have included patients’ names, Social Security numbers, dates of birth, Medicaid numbers, Medicare numbers, allergies, and other health conditions.

The cybercriminals responsible for the breach may have already obtained and sold the compromised patient information. In previous data breaches, victims of data theft have noticed identity theft attempts ranging from fraudulent charges on bank accounts or credit cards, medical and/or government services ordered in their name, or their information being posted on the dark web.

Have you recently received a data breach notification from PharMerica? If so, we would like to hear from you.  Please complete the contact form on this page or contact us at 610-477-8380 or info@shublawyers.com.