The Money Message ransomware group has recently listed the Kentucky-based pharmacy network, PharMerica, and its parent company, BrightSpring Health Services, on its data leak site and claims to have stolen more than 2 million records in an attack on March 28, 2023. The stolen data includes patient names, birth dates, and Social Security numbers.
BrightSpring Health Services has confirmed that it is investigating a cybersecurity incident and has engaged third-party cybersecurity experts to assist with the investigation. BrightSpring said the attack did not affect its operations. At this stage of the investigation, it has not been determined how many individuals have been affected or the extent to which patient data was involved. The affected files are currently being reviewed and notification letters will be issued as quickly as possible.