Credential theft
Primary Source: 404 Media
Incident Details
Bausch Health, a Canadian pharmaceutical company, was targeted as part of the 2024 UNC5537/Sp1d3rHunters Snowflake credential-theft campaign. The threat actor ‘Sp1d3rHunters’ claimed to have stolen approximately 3 TB of data, including 1.6 million DEA numbers (Drug Enforcement Administration numbers assigned to healthcare providers for writing prescriptions) and prescriber details. A $3 million ransom demand was issued. The exposure of DEA numbers is particularly severe because they cannot be easily reset: each provider must submit an individual request, which creates long-term disruption risk for healthcare prescribers. This was part of the broader UNC5537 Snowflake campaign, which targeted at least 160 organizations using stolen credentials obtained via infostealer malware and exploited the absence of MFA.
Technical Details
- Initial Attack Vector: CWE-522: Insufficiently Protected Credentials (infostealer-harvested credentials, no MFA on Snowflake)
- Vendor / Product: Bausch Health Snowflake data warehouse
Timeline
- 2024-05-01 Breach occurred
- 2024-07-30 Publicly disclosed
- unknown Customers notified