In February 2024 [1] [2] [3] [4], pharmaceutical company Cencora [1] [2], based in Pennsylvania [1], fell victim to a cyber-attack that compromised the personal information of individuals receiving patient support services from its subsidiary, Lash Group [3].

Description

The cyber-attack on Cencora resulted in the theft of personally identifiable information (PII) and protected health information (PHI) from over 250,000 individuals. The breach involved the exfiltration of additional data beyond the initial intrusion, with at least 40 partners reporting the incident in regulatory filings. The stolen information included names, dates of birth [4], health diagnoses [3] [4], and medications [3] [4]. Cencora has taken steps to notify affected individuals and regulatory agencies, offering two years of free credit monitoring and remediation services [4]. While the specific ransomware family involved was not disclosed, it is believed that a ransom was paid to secure the deletion of the stolen data. Despite the breach, Cencora’s operations have not been significantly impacted, and there is no evidence of data misuse by the attackers [2]. The company is working with cybersecurity experts to enhance its systems and prevent future unauthorized access [2].

Conclusion

The cyber-attack on Cencora underscores the importance of robust cybersecurity measures in safeguarding sensitive information. While the company has taken steps to mitigate the impact of the breach, the incident serves as a reminder of the ongoing threat posed by cybercriminals. Moving forward, Cencora’s collaboration with cybersecurity experts and implementation of enhanced security protocols will be crucial in preventing future breaches and protecting the privacy of individuals’ data.

References

[1] https://seculore.com/state/pennsylvania/08-01-2024-pa-cencora/
[2] https://www.infosecurity-magazine.com/news/cencora-patient-data-stolen/
[3] https://securityaffairs.com/166422/data-breach/cencora-confirmed-theft-pii-heath-data.html
[4] https://cybersocialhub.com/csh/personal-health-information-stolen-from-pharma-giant-cencora/