August 1, 2024 at 05:48AM
Pharma giant Cencora confirmed the theft of personal and health information in a February 2024 cyberattack. The incident was disclosed in a regulatory filing, revealing that additional data was compromised beyond the initial discovery. Cencora has completed its review of the stolen information and provided notifications to impacted individuals and regulatory agencies.
From the meeting notes, it is clear that Pharma giant Cencora experienced a significant data breach which led to the theft of personally identifiable information (PII) and protected health information (PHI) of a substantial number of individuals. The breach was not limited to Cencora itself, as its subsidiary, Lash Group, also had information stolen.
Cencora promptly notified impacted individuals and regulatory agencies, offering two years of free credit monitoring and remediation services. While it claimed to have contained the incident, it is suggested that it engaged in communication with the attackers and likely paid a ransom to ensure that the stolen information was deleted.
This incident has been disclosed in regulatory filings with the Securities and Exchange Commission (SEC) and various state attorneys general. Despite the company’s claims that the attack had not materially impacted its operations, the scale of the breach and the subsequent notifications from its partners and subsidiaries raise concerns about the potential consequences for affected individuals and the company’s reputation.
These findings are distressing and suggest that Cencora needs to take concrete steps to strengthen its cybersecurity measures and regain trust in its data protection practices.