...
Cencora data breach exposes US patient info from 11 drug companies

In a significant cyberattack that has shaken the pharmaceutical industry, data belonging to several major drug companies has been exposed due to a breach at Cencora, formerly known as AmerisourceBergen. The February 2024 cyberattack, which went unclaimed by any ransomware groups, has compromised sensitive information from multiple pharmaceutical firms, highlighting vulnerabilities in the healthcare sector’s cybersecurity infrastructure.

Cencora, a pharmaceutical services giant based in Pennsylvania, disclosed the breach in a Form 8-K filing with the Securities and Exchange Commission (SEC). The company revealed that unauthorized parties had infiltrated its information systems, accessing and exfiltrating personal data.

At the time, Cencora did not provide details about the scope of the breach or its potential impact on clients. However, recent developments have brought to light the extent of the breach, with the California Attorney General’s office publishing data breach notifications from several affected pharmaceutical companies.

The firms impacted by the breach include some of the most prominent names in the pharmaceutical industry:

  1. Novartis Pharmaceuticals Corporation: A leading global pharmaceutical company with significant contributions in oncology, neuroscience, and immunology.
  2. Bayer Corporation: A multinational enterprise known for its work in pharmaceuticals, consumer health, and agricultural products.
  3. AbbVie Inc.: Renowned for its immunology and oncology treatments, especially the blockbuster drug Humira.
  4. Regeneron Pharmaceuticals, Inc.: Recognized for innovative treatments in ophthalmology, oncology, and immunology.
  5. Genentech, Inc.: A Roche Group member, significant in biotechnology and cancer treatment.
  6. Incyte Corporation: Specializes in oncology and hematology, with key products like Jakafi.
  7. Sumitomo Pharma America, Inc.: Part of Sumitomo Pharma Co., Ltd., with a diverse portfolio in psychiatry, neurology, and oncology.
  8. Acadia Pharmaceuticals Inc.: Focuses on central nervous system disorders.
  9. GlaxoSmithKline Group: A global healthcare leader in pharmaceuticals, vaccines, and consumer healthcare.
  10. Endo Pharmaceuticals Inc.: Specializes in pain management, urology, and endocrinology, with a presence in both branded and generic pharmaceuticals.
  11. Dendreon Pharmaceuticals LLC: Primarily focused on oncology and immunotherapy treatments for prostate cancer.

The notifications indicate that Cencora’s internal investigation concluded on April 10, 2024, confirming that personal information including full names, addresses, health diagnoses, medications, and prescriptions had been exposed.

The firms emphasized their commitment to data privacy and security, noting that there is no evidence of the stolen data being publicly disclosed or used for fraudulent purposes.

Novartis, in its breach notification, stated, “We take the privacy and protection of the information entrusted to us very seriously. Cencora is writing to let you know about an event that involved your personal information that Cencora maintains in connection with its patient support programs on behalf of Novartis Pharmaceuticals Corporation.”

In response to the breach, Cencora is offering affected individuals two years of free identity protection and credit monitoring services through Experian. This offer is available until August 30, 2024, providing some reassurance to those whose data was compromised.

This breach underscores the critical need for robust cybersecurity measures within the pharmaceutical and healthcare industries. As these sectors increasingly rely on digital systems for patient data management and support services, ensuring the protection of sensitive information against cyber threats is paramount.

The incident at Cencora serves as a stark reminder of the potential risks and the importance of maintaining vigilant security protocols to safeguard against future breaches.

The inclusion of three more pharmaceutical firms in the breach, updated on May 25, further expands the scope and impact of the incident.

As investigations continue and more details emerge, the industry is likely to see increased scrutiny and a push for enhanced security measures to protect patient data and maintain trust in healthcare services.

By Dale John

Dale John, age 37, is a seasoned writer with over a decade of experience specializing in the dark web and Tor network. With a deep commitment to providing private access to an uncensored internet, Dale's work is instrumental for human rights activists, journalists, and individuals living under oppressive regimes who need to access information and communicate securely. Dale's expertise is supported by a robust background in academic activities, including numerous publications and presentations at key conferences in the field of internet privacy and cybersecurity. Holding certifications in cybersecurity and digital privacy, Dale combines technical prowess with a passion for education, striving to raise awareness and understanding of the dark web's implications and potential. Dale is dedicated to maintaining a diverse patient population, ensuring her knowledge benefits a wide range of users seeking privacy solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *

Seraphinite AcceleratorOptimized by Seraphinite Accelerator
Turns on site high speed to be attractive for people and search engines.