U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

PharMerica data breach impacts more than 5.8 million individuals

National pharmacy network PharMerica discloses a data breach that impacted more than 5.8 million individuals. National pharmacy network PharMerica disclosed a data breach that exposed the personal information of 5,815,591 individuals. The incident took place in March and the company started notifying the impacted individuals via letter. The company is the second largest in the […]

PharMerica

National pharmacy network PharMerica discloses a data breach that impacted more than 5.8 million individuals.

National pharmacy network PharMerica disclosed a data breach that exposed the personal information of 5,815,591 individuals. The incident took place in March and the company started notifying the impacted individuals via letter.

The company is the second largest in the institutional pharmacy services market, with revenues of $1.9 billion and a customer base of 330,000 “beds” in 41 U.S. states. PharMerica provides its services to senior living communities, nursing facilities, public health organizations and post-acute care organizations.

“On March 14, 2023, we learned of suspicious activity on our computer network. Upon discovering the cybersecurity incident, we promptly began an internal investigation and engaged cybersecurity advisors to investigate and secure our computer systems.” reads the letter sent to the impacted individuals and shared with the Maine Attorney General’s Office. “The investigation determined that an unknown third party accessed our computer systems from March 12-13, 2023, and that certain personal information may have been obtained from our systems as a part of the incident.”

The company believes that the compromised information has not been misused for fraudulent activities or identity theft.

The security breach occurred between March 12 and March 13, threat actors had access to person’s name, address, date of birth, Social Security number, medications and health insurance information.

In response to the incident, the company enhanced its technical security measures.

The company warns that in some cases, exposed data belong to deceased individuals, for this reason, PharMerica encourages executors or surviving spouses to contact the national credit reporting agencies to request a copy of a deceased individual’s credit report along with making one of the following
notations:

  • “Deceased – Do not issue credit”; or
  • “If an application is made for credit, please notify the following person(s): (e.g., list a surviving
    relative, executor/trustee of the estate, and/or local law enforcement agency – notifying the
    relationship).”

Who is behind the attack?

PharMerica did not provide details about the attack, but the Money Message ransomware group claimed responsibility for the security breach and added the company to the list of victims on its Tor Leak site.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, PharMerica)