Relatives are being alerted that a PharMerica compromise exposed the sensitive data of their deceased loved ones, which could be used for identity theft.
May 15, 2023
PharMerica Healthcare has disclosed that its systems were breached earlier this year by an unauthorized third party, which resulted in the leak of the personal details of more than 5.8 million deceased people.
PharMerica provides pharmacy services for patients under long-term care, including those in senior living facilities, hospice care, and using behavior health services.
A copy of a letter disclosing the data theft sent by PharMerica and addressed to the "Administrator/Executor of the Estate of...," explained the cybersecurity incident occurred from March 12-13, and exposed information including the deceased person's name address, date of birth, Social Security number, medications, and health insurance details.
PharMerica added that it has conducted a review of the incident and has "taken steps to reduce the risk of this type of incident from occurring in the future, including enhancing our technical security measures."
NextGen Healthcare similarly disclosed a data breach by a third party days before PharMerica. In NextGen's case, an unauthorized actor accessed a database with information on more than 1 million people.
Seniors Most at Risk
"This is a devastating data breach both in terms of size and the severity of what was leaked," Paul Bischoff, consumer privacy advocate at Comparitech, said in a statement in reaction to the PharMerica disclosure.
"The Social Security and health insurance information pose the most immediate threat," Bischoff added. "They could be used for identity theft and medical benefits fraud, respectively."
Because the victims are passed, relatives aren't likely to regularly monitor their credit reports, making any cybercrime related to the stolen data even more difficult to detect and stop, Bischoff explained.
"That puts the onus of responsibility on relatives, who could be on the hook for the deceased's debts," Bishoff added. "I suspect this attack disproportionately affects the elderly as well, who are frequently targeted by fraud."
Chris Hauk, consumer privacy advocate at Pixel Privacy, also urged in a statement those impacted by the PharMerica compromise to stay on alert for accounts and lines of credit opened in a deceased person's name, as well as phishing attempts using the stolen sensitive data.
"As senior citizens make up a large number of pharmaceutical customers, they and their caretakers will also need to stay alert for phishing attempts," Hauk added.
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024