PharMerica Corporation — one of the largest pharmacy services providers in the United States, serving nursing homes, assisted living facilities, and other long-term care settings — agreed to a $5.275 million settlement to resolve a class action lawsuit stemming from a ransomware attack in March 2023 that exposed the personal and medical data of approximately 5.8 million people. If you received a breach notification from PharMerica, your claim deadline is April 27, 2026.
Status: Claims Open — Deadline April 27, 2026 | Official Site: pmcsettlement.com
What Happened?
In March 2023, PharMerica discovered that a ransomware group called Money Message had infiltrated its computer systems and stolen an enormous volume of sensitive data. PharMerica is a major pharmacy benefits manager that fills prescriptions for residents of nursing homes, hospitals, and assisted living facilities across the United States.
Because PharMerica serves vulnerable populations — elderly residents and people with serious medical conditions — the data it holds is among the most sensitive possible. The March 2023 breach exposed the personal and health information of approximately 5.8 million individuals, making it one of the largest healthcare data breaches of that year.
What Data Was Exposed?
- Social Security numbers
- Dates of birth
- Health insurance information — policy numbers, plan details, insurer names
- Medication and prescription information — specific drugs prescribed and dosages
- Medical record information — diagnoses and treatment details
- Names and contact information
For nursing home and assisted living residents, this breach was particularly sensitive because their medication and diagnosis information was exposed — data that relates directly to their most vulnerable circumstances.
Who Is Eligible?
- You received a data breach notification letter from PharMerica regarding the March 2023 breach
- Your personal or medical information was exposed in the breach
If a family member was a resident of a nursing home or assisted living facility served by PharMerica and received a breach notification, they may also be eligible — and if they are unable to file themselves, a family member may be able to file on their behalf.
What Can You Claim?
- Documented out-of-pocket losses up to $10,000 — identity theft costs, fraudulent charges, credit monitoring services purchased, time spent dealing with the breach
- Pro-rata cash payment — all eligible class members receive a proportional payment from the $5.275 million fund without needing to document specific losses
- Credit monitoring services — free identity protection services for a defined period
Case Details
| Defendant | PharMerica Corporation |
| Breach | March 2023 ransomware attack by Money Message group |
| People Affected | Approximately 5.8 million |
| Data Exposed | SSNs, health insurance info, medication/prescription details, medical records |
| Settlement Amount | $5.275 million |
| Maximum Per Person | Up to $10,000 for documented losses |
| Claim Deadline | April 27, 2026 |
| Official Website | pmcsettlement.com |
| Status | Claims open |
By Steve Levine | Published: February 24, 2026
Legal Disclaimer
This article is for informational purposes only and does not constitute legal advice. OpenClassActions.org is not a law firm. Visit pmcsettlement.com for official information.