Written by: Arti Ghargi
May 27, 2024
US Pharmaceutical giant Cencora has reported that the personal health information of thousands of patients was compromised in a data breach earlier this year. Cencora has begun notifying patients about the cyberattack.
The data breach, Cencora said, affects individuals who participated in patient support programs offered by Cencora's partner drug companies.
According to the company statement, Cencora first discovered unauthorized activity on its systems on February 21 and found that data had been exfiltrated.
“As of the date of this filing, the incident has not had a material impact on the company’s operations, and its information systems continue to be operational,” the pharma giant had said in a February 28 breach notification.
Cencora handles 20% of the pharmaceuticals sold and distributed in the US.
According to a notification letter sent out by Cencora, the exposed data includes names, addresses, dates of birth, health diagnoses, and medication information of patients.
Cencora discovered unauthorized activity on its systems on February 21, 2024. However, the company did not publicly disclose the breach until a week later, when it filed a notice with the Securities and Exchange Commission (SEC).
The company has yet to reveal the nature and extent of the cyberattack.
“The company has not yet determined whether the incident is reasonably likely to materially impact the company’s financial condition or results of operations,” it said in a February 28th statement.
The data breach has affected 11 drug companies that have partnered with Cencora, namely AbbVie, Acadia, Bayer, Novartis, Regeneron, Incyte, Genentech, Sumitomo Pharma, GlaxoSmithKline (GSK), Endo Pharma and Dendreon Pharma.
The company obtained this data from patients who participated in programs offered by these drug companies.
Following Cencora's notification, the partner drug companies have disclosed their own data breaches.
“Based on our investigation, personal information was affected, including potentially your first name, last name, address, date of birth, health diagnosis, and/or medications and prescriptions,” Bayer stated in the notification.
This suggests that the attackers may have specifically targeted Cencora's systems to access patient data from these partnered programs.
This incident highlights the growing issue of cyberattacks targeting the healthcare industry. The vast amount of sensitive patient data stored by these organizations makes them prime targets for hackers.
Earlier this month, Ascension, a prominent health system operating 140 hospitals across 19 states and Washington, DC, was hit by a major cybersecurity breach.
The health system said that it detected unusual activity within its network systems, following which its clinical operations were disrupted.
In April, American healthcare giant UnitedHealthcare became a victim of a massive ransomware attack that compromised the data of millions of patients, including their medical, personal, and payment data. The company faced a staggering loss of $872 million.
Per the American Hospital Association, 94% of American hospitals experienced disruptions in cash flow, and over half of them reported substantial financial damage as a result of Change’s failure to handle claims.