Legal Investigation Looks into PharMerica Data Breach: Was Your Info Exposed?
Last Updated on November 4, 2025
Investigation Complete
Attorneys working with ClassAction.org have finished their investigation into this matter. Check back for any potential updates. You can also sign up for our free newsletter for the latest in class action news and settlements.
If you still have questions about your rights, contact an attorney in your area as there is a time limit for filing all lawsuits. The information on this page was posted when the investigation began and is now for reference only.
Free Consumer Tools:
- Open and Current Class Action Lawsuit Settlements and Rebates
- Open and Current Class Action Lawsuit List, Investigations
- Class Action Lawsuit and Settlement News
- Free Class Action Lawsuit Database
At A Glance
- This Alert Affects:
- Anyone who received a letter from PharMerica informing them that their personal information may have been involved in a data breach.
- What’s Going On?
- Attorneys working with ClassAction.org are investigating whether a class action lawsuit can be filed against PharMerica Corporation and parent company BrightSpring Health Services over a data breach that reportedly exposed the personal and health information of over 5.8 million individuals. But first, they need to hear from people who may have been affected.
- How Could a Lawsuit Help?
- A class action lawsuit could potentially help victims recover money for damages, including time spent dealing with the effects of the data breach and the cost of identity protection services. It could also force the companies to improve their cybersecurity.
Attorneys working with ClassAction.org want to hear from anyone who received a letter from PharMerica stating that their data may have been compromised in a data breach.
The pharmacy services provider recently announced that an unauthorized third party had gained access to its computer systems and obtained patients’ highly sensitive data – including their names, dates of birth, Social Security numbers, medication lists and health insurance information.
It’s believed that PharMerica and parent company BrightSpring may have failed to take reasonable measures to protect patients’ information from unauthorized disclosure, thereby exposing them to a substantially increased risk of identity theft and fraud.
Now, the attorneys are investigating whether a class action lawsuit can be filed against the Kentucky-based companies to help compensate victims for any damages they’ve incurred as a result of the breach.
PharMerica Data Breach: Why Did I Get a Letter?
PharMerica, which provides pharmacy services to 3,100 medical facilities nationwide, began notifying customers on May 12 that it had fallen victim to a cyberattack between March 12 and 13 of this year. A notice provided to the Maine Attorney General’s Office reveals that the breach has impacted 5,815,591 individuals.
According to the HIPAA Journal, the ransomware gang reportedly responsible for the attack, Money Message, claims to have exfiltrated databases containing 4.7 terabytes of stolen data. DataBreaches.net says that BrightSpring, which offers home- and community-based health services for seniors and high-needs patients, was also targeted in the breach.
In late March, the group began publishing patients’ private information on its extortion site, where the files remained available for download as of May 15, cybersecurity news site BleepingComputer.com reports.
How Could a Lawsuit Help Data Breach Victims?
If successful, a lawsuit could compensate data breach victims for the damages related to the breach, including:
- Money spent obtaining credit reports, medical records and additional credit monitoring and identity theft protection services
- Time spent dealing with the effects of the breach
- Loss of privacy
- Fraudulent charges
- Damage to credit
In addition, a lawsuit could also force the companies to implement stronger data security to adequately protect patients’ information from future attacks.
Before commenting, please review our comment policy.