Several major pharmaceutical companies have recently reported data breaches stemming from a cyberattack on Cencora, a partner they collaborate with for pharmaceutical and business services.
Formerly known as AmerisourceBergen, Cencora is based in Pennsylvania and operates in 50 countries, employing 46,000 individuals with a 2023 revenue of $262 billion. Specializing in drug distribution, specialty pharmacy, consulting, and clinical trial support, the firm plays a critical role in the pharmaceutical industry.
In February 2024, Cencora disclosed a data breach in a Form 8-K filing with the SEC, revealing that unauthorized parties had accessed its information systems and extracted personal data. Despite this disclosure, the company did not provide further details about the incident or its potential impact. Moreover, no ransomware groups claimed responsibility for the attack.
Recently, the California Attorney General’s office shared data breach notifications submitted by some of the largest pharmaceutical firms in the US, attributing their data exposure to the February Cencora incident.
Among the eleven impacted firms, including Novartis Pharmaceuticals Corporation, Bayer Corporation, and AbbVie Inc., all issued similar data breach notifications. These notifications informed individuals that their personal information, maintained by Cencora in connection with patient support programs, had been compromised.
The exposed information included full names, addresses, health diagnoses, medications, and prescriptions. Despite this breach, there is currently no evidence that the exfiltrated data has been publicly disclosed or used for fraudulent purposes.
In response to the heightened risk for affected individuals, Cencora is offering two years of free identity protection and credit monitoring services through Experian, available until August 30, 2024.
When approached for further information about the incident and its impact, a Cencora spokesperson declined to provide additional details, referring to a news release issued the previous week.
Source: bleepingcomputer.com
