Data breach at medical giant Cencora reveals information from multiple pharmaceutical companies
Nearly a dozen pharmaceutical companies, including several major players, have lost sensitive customer data due to a supply chain cyberattack that trickled down from pharma giant Cencora.
In late February 2024, drug wholesaler Cencora (formerly known as AmerisourceBergen) filed a Form 8-K with the Securities and Exchange Commission (SEC), reporting a data breach incident, without going into too much detail.
Now, BleepingComputer has found eleven pharmaceutical companies that have filed nearly identical breach notification letters with the California Attorney General’s office, each attributing its data breach to the Cencora incident.
Identity theft and phishing
The affected companies include Novartis Pharmaceuticals Corporation, Bayer Corporation, AbbVie, Regeneron Pharmaceuticals, Genentech, Incyte Corporation, Sumitomo Pharma America, Acadia Pharmaceuticals, GlaxoSmithKline Group, Endo Pharmaceuticals and Dendreon Pharmaceuticals.
The companies lost customers’ full names, mailing addresses, health diagnoses, medications and prescriptions.
At this time there does not appear to be any evidence of data misuse, but as there is a real risk of identity theft, phishing and other forms of attacks, exposed individuals are being offered two years of free identity protection and credit monitoring via Experian.
Cencora’s investigation, which apparently concluded in mid-April 2024, found that the incident was a data smash-and-grab and not a ransomware attack. The company therefore does not expect the attack to have a significant effect on its operations or financial status. However, there is always the possibility that there will be a class action lawsuit, or that the EU will investigate whether there has been a breach of the GDPR.
Cencora is a pharmacy giant with more than 46,000 employees and revenues of approximately $262.2 billion in 2023 alone. It is based in Pennsylvania and operates in approximately 50 countries around the world. Although all eleven victims are pharmaceutical giants, Novartis can be classified as one of the world’s largest companies in the sector, with significant activities in oncology, neuroscience and immunology.