Cencora Data Breach Far More Widespread than Earlier Thought
28 May 2024 at 06:16
The impact of the Cencora data breach is far more widespread than earlier thought as more than a dozen pharmaceutical giants including Novartis and GlaxoSmithKline disclose personal and health information data leaks stemming from the February breach incident.
Cencora Inc., formerly recognized as AmerisourceBergen, and its Lash Group affiliate announced in a February filing with the Securities and Exchange Commission (SEC) that the company faced a cybersecurity incident where βdata from its information systems had been exfiltrated.β
Cencora is a major pharmacy company with over 46,000 employees and approximately $262.2 billion in revenue in 2023. Based in Pennsylvania, it operates in around 50 countries globally.
The popular American drug wholesaler did not disclose the extent of the data breach in its February SEC filing but did confirm at the time that some of the data exfiltrated in the attack could contain personal information.
Last week, however, Cencora and The Lash Group clients began notifying state Attorneys General about a data breach that stemmed from the February cybersecurity incident at Cencora. At least 15 pharmaceutical companies reported that the personal data of hundreds of thousands of individuals were compromised.
Notifications identified the following affected companies:
- AbbVie Inc.
- Acadia Pharmaceuticals Inc.
- Bayer Corporation
- Bristol Myers Squibb Company and Bristol Myers Squibb Patient Assistance Foundation
- Dendreon Pharmaceuticals LLC
- Endo Pharmaceuticals Inc.
- Genentech, Inc.
- GlaxoSmithKline Group of Companies and the GlaxoSmithKline Patient Access Programs Foundation
- Incyte Corporation
- Marathon Pharmaceuticals, LLC/PTC Therapeutics, Inc.
- Novartis Pharmaceuticals Corporation
- Pharming Healthcare, Inc.
- Regeneron Pharmaceuticals, Inc.
- Sumitomo Pharma America, Inc. / Sunovion Pharmaceuticals Inc.
- Tolmar