National long-term care pharmacy PharMerica Corp. and BrightSpring Health Services experienced a cyber breach in late March, a BrightSpring Health Services spokesperson told the McKnight’s Business Daily on Monday. BrightSpring and PharMerica merged in late 2018.
“BrightSpring Health Services recently became aware of a cybersecurity incident that we have been investigating and addressing with the support of third-party cybersecurity experts. Additionally, we have notified law enforcement,” the BrightSpring spokesperson said. “This incident does not currently impact our operations.”
Cyber crimes against healthcare companies are on the rise. As McKnight’s previously reported, 322 healthcare organizations suffered data breaches in 2022 — the third year in a row the healthcare industry led all others in the number of data compromises.
A new ransomware group named Money Message on Saturday claimed responsibility for the PharMerica attack, DataBreaches.net reported. According to the report, Money Message uploaded screenshots showing portions of a patient-related data table that included names, Social Security numbers, dates of birth and Medicaid and Medicare numbers. Money Message claims to have protected health information on 100 individuals.
The ransomware group attacks both Windows and Linux operating systems, Cybersecurity News reported.
“More than five [companies have been] publicly identified as having been impacted by Money Message, the majority of whom are Americans, have already been reported since it was first noticed in March 2023,” the media outlet said.
BrightSpring said that while an investigation into the scope of the incident is ongoing, “we are aware that an unauthorized actor claims to have taken certain data from our systems. We are working diligently to review any files involved to determine their contents.” If any individuals’ sensitive information is involved, the company said, “we will notify them as quickly as possible and in accordance with applicable law.”
“The privacy and security of the patient information we maintain is one of our top priorities. With our internal expert team, investment in cybersecurity and the help of our third-party cybersecurity experts, we will continue to implement best practice technology protocols and take steps to protect the data entrusted to us,” the company added.
PharMerica serves the skilled nursing, assisted living, hospital, home infusion, hospice, behavioral, specialty and oncology pharmacy markets. The company operates more than 180 pharmacies across all 50 states.
According to an article from Hack Read, in addition to Pharmerica and BrightSpring, the following companies have been targeted by Money Message: Biman Bangladesh Airlines; Golden Bear Insurance Co. in Stockton, CA; Hawaii Self-Storage, with multiple locations; LPA Group, an engineering company in the United Kingdom; and Mid-American Glass in Davenport, IA.
