PharMerica Reports Breach Affecting Nearly 6 Million People

Cyber Security Threat Summary:
PharMerica, an institutional pharmacy, suffered a significant data breach in March, affecting nearly 6 million current and deceased patients. Hackers, allegedly from the Money Message ransomware group, accessed personal information such as names, birthdates, Social Security numbers, medications, and health insurance details. The group leaked spreadsheets containing patient data on the dark web and also posted internal business documents, including market models and balance sheets. They claimed that a massive 4.7-terabyte database containing at least 1.6 million personal records would be disclosed soon. This breach is the largest reported to federal regulators this year. PharMerica was described as the second-largest institutional pharmacy services company in the U.S. based on revenue and customer-licensed beds in its 2017 quarterly report. It has since merged with BrightSpring Health Services, forming a corporation with around $4.5 billion in annual revenue

Security Officer Comments:
PharMerica recently informed patients that they detected suspicious network activity on March 14th, with hackers gaining access to their systems for two days before that. The details regarding the ransom demand and the extent of the databases accessed by the attackers remain unclear. Negotiations took place between PharMerica and the Money Message ransomware group, but they reached an impasse, as reported by a spokesperson from Money Market to The Money Message ransomware group is relatively new, with its activities becoming apparent in March. In April, the group claimed responsibility for targeting Micro-Star International, a Taiwanese PC giant, and demanding a $4 million ransom.

Suggested Correction(s):
To mitigate the data breach at PharMerica Institutional Pharmacy, several actions can be taken. Firstly, establishing an incident response plan will ensure a swift and organized response to security breaches. Strengthening network security through measures like multi-factor authentication, regular updates, and intrusion detection systems is crucial. Employee education and training programs should be enhanced to raise awareness about data security risks. Encryption and segmentation of sensitive data, along with regular vulnerability assessments and penetration testing, are essential. Implementing advanced monitoring tools, data backups, and disaster recovery plans is recommended. Vendor security assessments, incident reporting, and collaboration with authorities are also important. Continuous monitoring and improvement of security measures will help prevent future breaches.