Lately, cybercrime has been going through a noticeable spike, as several incidents have occurred in the past couple of months. Big companies such as Discord and Brightly have disclosed breaches lately, and threat actors don’t seem to be stopping anytime soon. They also have an interest in the medical field, marking Pharmacy services provider PharMerica as their latest victim.
No matter how new a threat actor is on the scene, we should never take their capabilities lightly. PharMerica learned that the hard way with a breach caused Money Message – a group that just started its operation back in March 2023.
Unfortunately, the attack is huge. The company disclosed a massive data breach that affected over 5.8 million patients.
With medical data now in the open, who knows what other hackers can do? We’ll shed more light on that matter in the following article.
A Cyber Message Delivered – 5.8 Million PharMerica Patients Exposed
Cybercriminals are not just sitting around waiting for the next victim to target. On the contrary, they’re elevating their techniques to infiltrate bigger companies every time.
The bigger the company, the more valuable the harvested information is, and PharMerica is huge. The Pharmacy services provider covers 50 U.S. states, operates 180 local and 70,000 backup pharmacies, as well as servers over 3K medical facilities within the United States.
The breach took place on March 12th, 2023, allowing Money Message to take over systems and harvest a large amount of sensitive customer information, including:
- Full names
- Dates of birth
- Social Security numbers (SSNs)
- Health insurance information
However, the company took its time to disclose the breach, as it only sent notices to impacted individuals only last Friday, May 12th, 2023. Here’s what the official statement reads:
“On March 14, 2023, we learned of suspicious activity on our computer network. Upon discovering the cybersecurity incident, we promptly began an internal investigation and engaged cybersecurity advisors to investigate and secure our computer systems.
The investigation determined that an unknown third party accessed our computer systems from March 12-13, 2023, and that certain personal information may have been obtained from our systems as a part of the incident.
We have been conducting a comprehensive review of the potentially affected data to determine whose information may have been obtained.
On March 21, 2023, we determined that the data contained personal information that included the above-referenced person’s name, address, date of birth, Social Security number, medications and health insurance information.“
When a cyberattack occurs, the first thing a company should do is inform everyone impacted. Next, it should investigate the type of attack and who’s behind it.
Such investigation is not necessary for this particular attack as none other than the ransomware group Money Message has personally claimed it on March 28th, 2023, as it started publishing the stolen data online:
Since Money Message is a ransomware group, this means that it gave the company time to pay a ransom.
Apparently, the timer ran out, and the threat actors published the stolen data online, and everyone could download the files. And yes, the data is still available at this time.
Even other threat actors are now posting the data on a clearnet hacking forum, giving easier options to download the files by other hackers.
The leaked data has a lot of sensitive content, and it could be used maliciously in the near future. Since email addresses are involved, we could assume that phishing attacks should be considered.
Money Message Scores Big – Refused Ransom, Exposed Data
Money Message is still a new ransomware group making its way within the cybercrime universe. However, if every attack it performs is similar to this, it’s going places.
The group is dangerous, and a lot of sensitive information is out in the open for anyone to use. We highly recommend you approach every email or text message with vigilance. You can be a target for future phishing or smishing campaigns.