Cyber Threat Radar – Cencora has informed more than one million individuals across the United States that their personal and confidential health information was exposed in a data breach earlier this year.
The pharmaceutical company, formerly known as AmerisourceBergen until 2023, announced in May that a data breach in February led to the exposure of patients’ information, which Cencora acquired through collaborations with pharmaceutical companies involved in its patient support initiatives. Some of these pharmaceutical companies are Pfizer, Regeneron, AbbVie and Bayer.
Cencora’s Data Breach Notification
Cencora’s data breach notification indicates that the affected information comprises patient names, postal addresses, dates of birth, and details regarding their health diagnoses, medications, and prescriptions. The pharmaceutical company has not yet provided specifics regarding the cause of the data breach, including whether it resulted from cybercriminal activity or an internal security failure. Additionally, Cencora has not disclosed the number of individuals who have been informed about the breach. Cencora recently sent out notifications regarding the data breach to impacted individuals in the middle of July, indicating that the pharmaceutical company is actively informing those whose data was compromised.Individuals Impacted By Data Breach Will Be Much Greater
It is probable that the actual number of individuals impacted by the data breach is significantly greater. Cencora acknowledged in its data breach notification that it is unable to reach out to all affected parties due to outdated address information for sending notifications. “The U.S. Department of Health and Human Services (HHS) has published a list of data breaches, and this data breach is already considered one of the biggest compromises of health-related information in 2024,” commented Timothy Jenkins, Head of Cyber Defense Research, SentryBay. “While the number of affected individuals has not been disclosed in this case, it’s a clear reminder that healthcare organizations are at risk from falling victim to ransomware gangs and if breached the reputational harm will be considerable.”Change Healthcare Ransomware Attack
The ransomware attack on Change Healthcare, a health tech subsidiary of UnitedHealth in February, is likely one of the largest health-related data breaches in U.S. history, impacting a significant number of people in America, possibly over 100 million U.S. residents.Stop Data Breaches Now!
SentryBay's Armored Client solution secures business applications accessed on corporate and BYOD/BYOPC devices against information-stealing malware and other threats to data.