U.S. pharma giant Cencora says it is notifying affected individuals that their personal and highly sensitive medical information was stolen during a cyberattack and data breach earlier this year.
In letters to affected individuals sent out this week, Cencora said that the data from its systems includes patient names, their postal address and date of birth, as well as information about their health diagnosis and medications. The pharmaceutical giant said it had initially obtained patients’ data through partnerships with the drug makers it works with “in connection with its patient support programs.” That includes patients of Abbvie, Acadia, Bayer, Novartis, Regeneron, and other companies.
Cencora has not yet described the nature of the cyberattack, which began on February 21 and was not publicly disclosed until the company filed notice with government regulators a week later on February 27. The company, known as AmerisourceBergen until 2023, handles around 20% of the pharmaceuticals sold and distributed throughout the United States. Cencora spokesperson Mike Iorfino told TechCrunch in an email that Cencora was unwilling to say if the company has determined how many individuals are affected by the breach, and how many individuals the company has notified to date.
This is the latest security incident to hit the U.S. healthcare sector following a spate of cyberattacks in recent months, following the huge data breach and lasting outages at UnitedHealth-owned Change Healthcar.
