Cencora information breach exposes US affected person data from 11 drug firms

Publish up to date on 5/25 so as to add three extra pharmaceutical corporations additionally impacted by the Cencora safety breach.

Among the largest drug firms on the earth have disclosed information breaches on account of a February 2024 cyberattack at Cencora, whom they companion with for pharmaceutical and enterprise companies.

Cencora, previously AmerisourceBergen, is a pharmaceutical companies supplier specializing in drug distribution, specialty pharmacy, consulting, and medical trial help.

The Pennsylvania-based agency, with a presence in 50 nations, employs 46,000 individuals and has a income (2023) of $262 billion.

In February 2024, Cencora disclosed a knowledge breach in a Type 8-Ok submitting with the SEC, stating that unauthorized events gained entry to its info techniques and exfiltrated private information.

On the time, the corporate opted to not share any further info relating to the incident and its potential impression on its purchasers. Additionally, no ransomware teams ever assumed duty for the assault.

Right this moment, the California Lawyer Common’s workplace revealed a number of information breach notification samples submitted previously couple of days by among the largest pharmaceutical corporations in america, all attributing their information publicity to the February Cencora incident.

“Cencora, Inc. and its Lash Group affiliate partner with pharmaceutical companies, pharmacies, and healthcare providers to facilitate access to prescribed therapies through drug distribution, free trial offers, co-pay coupons, patient support and services, and other services,” reads a associated information breach notification from Novartis.

“We take the privacy and protection of the information entrusted to us very seriously. Cencora is writing to let you know about an event that involved your personal information that Cencora maintains in connection with its patient support programs on behalf of Novartis Pharmaceuticals Corporation.”

The eight corporations impacted by this breach, all utilizing virtually similar information breach notifications, are:

1. Novartis Prescription drugs Company – One of many largest pharmaceutical firms globally, with a robust presence in varied therapeutic areas together with oncology, neuroscience, and immunology.
2. Bayer Company – A big multinational firm with vital operations in prescription drugs, client well being, and agricultural merchandise.
3. AbbVie Inc. – Recognized for its blockbuster drug Humira, AbbVie is a main participant in immunology and oncology.
4. Regeneron Prescription drugs, Inc. – Notable for its progressive therapies in ophthalmology, oncology, and immunology.
5. Genentech, Inc. – A member of the Roche Group, Genentech is a frontrunner in biotechnology and has made vital contributions to most cancers remedy.
6. Incyte Company – Focuses on oncology and hematology, with key merchandise like Jakafi.
7. Sumitomo Pharma America, Inc. – A part of the Sumitomo Pharma Co., Ltd., recognized for its various portfolio in psychiatry, neurology, and oncology.
8. Acadia Prescription drugs Inc. – Makes a speciality of central nervous system issues and has a smaller market presence than the others on this checklist.
9. GlaxoSmithKline Group – A world healthcare firm recognized for its wide-ranging portfolio in prescription drugs, vaccines, and client healthcare, with vital efforts in respiratory ailments, HIV, and immuno-inflammation.
10. Endo Prescription drugs Inc.– Makes a speciality of ache administration, urology, and endocrinology, with a notable presence in each branded and generic prescription drugs.
11. Dendreon Prescription drugs LLC – Focuses totally on oncology, notably within the growth and commercialization of immunotherapy therapies for prostate most cancers.

The info breach notices warn that Cencora’s inner investigation, which concluded on April 10, 2024, confirmed that the next info had been uncovered: full identify, handle, well being analysis, drugs, and prescriptions.

The letter notes that as of this time, there isn’t any proof that the exfiltrated info has been publicly disclosed on the web or that it has been used for fraudulent functions.

As a response to the elevated threat for uncovered people, Cencora is providing recipients two years of free identification safety and credit score monitoring companies by way of Experian, which they’ll benefit from till August 30, 2024.

BleepingComputer has reached out to Cencora to be taught extra concerning the information breach incident in addition to the variety of individuals impacted, however a spokesperson declined to offer further particulars, pointing us to a information launch issued final week.