The American company PHARMERICA, which provides pharmacy services in the 50s of the United States and serving about 3,100 medical institutions throughout the country, recognized the fact of a large -scale violation of the security of its system. As a result of a hacker attack, personal and medical data of more than 5.8 million patients were stolen.
The company discovered the invasion of March 14, and on March 21, established that customer data were stolen. However, notifications of compromise of data were sent to affected persons only last Friday, May 12.
PHARMERICA offered to all victims of one year of free services to protect against personal data through Experian IdentityWorks and recommended not to refuse this proposal in order to minimize the risks and consequences of possible future attacks.
Although PHARMERICA itself does not specify the type of hacker incident, Money Message, a group of extortion to Money Message, which announced this on its website on March 28, a month and a half before the official mailing of Pharmerica, has taken the responsibility for the attack. In addition to PHARMERICA, hackers also indicated another company as the victim, BrightSpring – health care provider, which united with PHARMERICA in March 2019.
The term of the ultimatum, which the hackers established Pharmerica, expired on April 9, so the attackers published all the stolen data on their website. Unfortunately, files are still available for downloading both on the Money Message website and on one of the public hacker forums.
Money Message is a new extortion group that began to conduct its harmful activities recently, around March this year, and quickly attracted the attention of the media with a hacking of the Taiwanese giant of computer components MSI, which we reported in early April.