In March 2023, Money Message ransomware attacked PharMerica Corporation — one of the largest pharmacy benefit management companies in the US, providing pharmacy services to long-term care facilities including nursing homes and assisted living facilities across all 50 states. PharMerica disclosed the breach on 12 May 2023, notifying the HHS OCR that approximately 5.8 million patient records were compromised. Stolen data included names, dates of birth, Social Security numbers, medication lists, and health insurance information. Money Message listed PharMerica on its dark web leak site and published what it claimed was stolen data after PharMerica reportedly declined to pay the ransom. The data was subsequently searchable on the dark web. The breach is significant for the sensitivity of the data — pharmacy records from long-term care patients include medication regimens that can reveal serious medical conditions. PharMerica was acquired by BrightSpring Health Services in 2023, and the combined entity subsequently went public. Multiple class-action lawsuits were filed against PharMerica. HHS OCR opened a compliance review. The breach was one of the largest US healthcare data breaches of 2023.