The Cencora data breach resulted in unauthorized access and theft of data from its corporate IT systems. Formerly identified as AmerisourceBergen, Cencora plays a key role in the pharmaceutical industry by providing drug distribution and healthcare solutions to doctor’s offices, pharmacies, and animal health services.
What’s the extent of the Cencora data breach?The company, which reported a revenue of $262.2 billion for the fiscal year 2023 and employs roughly 46,000 staff, disclosed this security breach in a Form 8-K filing with the SEC, highlighting the significant cybersecurity challenge it faced.
“On February 21, 2024, Cencora, Inc. (the “Company”), learned that data from its information systems had been exfiltrated, some of which may contain personal information,” states the SEC filing.
The company says that the Cencora data breach has been contained, and efforts are currently underway in collaboration with law enforcement, external cybersecurity specialists, and legal advisors to thoroughly investigate the breach. Following the initial detection of unauthorized access, the company promptly implemented containment measures and launched a comprehensive investigation with the support of external experts.
As of now, Cencora has yet to ascertain whether this security breach will have a significant financial or operational impact on their business. Nevertheless, they have clarified that this cyberattack is distinct from the Optum Change Healthcare cyber attack, which resulted in widespread disruptions in pharmaceutical billing services.
“We have no reason to believe there is a connection between the incident at Change and the unauthorized activity at Cencora,” the company told to BleepingComputer.
Currently, details regarding the identity of the perpetrators behind the Cencora data breach remain undisclosed, with no ransomware groups coming forward to claim responsibility.
Interestingly, a ransomware collective known as Lorenz had previously alleged an infiltration of Cencora (then AmerisourceBergen) in February 2023, purporting to have exfiltrated data specifically from the company’s Animal Health division.
The Cencora data breach resulted in unauthorized access and theft of data from its corporate IT systems What happens if personal data is leaked?When personal data is leaked in such cases as the Cencora data breach, it can lead to a range of adverse consequences for both the individuals affected and the entity responsible for safeguarding the data. Here are some potential outcomes and impacts of a personal data leak:
For individuals:
For organizations:
When incidents such as Cencsora data breach happen, immediate action is crucial.
Image credits: Kerem Gülen/Midjourney