Over a dozen major pharmaceutical suppliers have informed individuals that their data was compromised following a February breach at US drug wholesaler Cencora. The companies are Bayer Corporation, Novartis Pharmaceuticals Corporation, AbbVie, Regeneron Pharmaceuticals, Genentech, Incyte Corporation, Sumitomo Pharma America, Acadia Pharmaceuticals, GlaxoSmithKline Group, Endo Pharmaceuticals, Bristol Myers Squibb, and Dendreon Pharmaceuticals.
Cencora, previously known as AmerisourceBergen, is a key player in the pharmaceutical distribution industry. With a market value of $250 billion and partnerships with leading companies such as GlaxoSmithKline, Novartis, Genentech, and others, it is a leader in the field.
Notifications sent to affected individuals late last week reveal that personal information, including names, addresses, date of birth, health diagnoses, and medication details, may have been accessed. The notifications emphasised that there’s no evidence suggesting that the stolen information has been or will be missed, reports The Register.
However, cybersecurity experts have advised individuals to take precautionary measures to protect their data via monitoring tools. Affected customers can visit www.experianidworks.com/plus and then follow the instructions Cencora mentions in the breach notification.
Cencora initially disclosed the breach in a Securities and Exchange Commission (SEC) Form 8-K filing in February 2024, noting that the intrusion was discovered on February 21.
“On February 21, 2024, Cencore, Inc., learned that data from its information systems had been infiltrated, some of which may contain personal information,” mentioned the company in the filing.
The company stated that the exfiltrated data might include personal information but assured that the breach had not materially impacted their operations or information systems.
“As of the date of this filing, the incident has not had a material impact on the Company’s operations, and its information systems continue to be operational. The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” continued Cencora.
The exact extent of individuals affected by the breach is not known, as the California Attorney General doesn’t require companies to disclose this information.
In the News: GoI to block international spoofed calls showing Indian numbers
