Submit up to date on 5/25 so as to add three extra pharmaceutical corporations additionally impacted by the Cencora security breach.
A few of the largest drug firms on the planet have disclosed data breaches as a result of a February 2024 cyberattack at Cencora, whom they associate with for pharmaceutical and enterprise providers.
Cencora, previously AmerisourceBergen, is a pharmaceutical providers supplier specializing in drug distribution, specialty pharmacy, consulting, and medical trial help.
The Pennsylvania-based agency, with a presence in 50 international locations, employs 46,000 individuals and has a income (2023) of $262 billion.
In February 2024, Cencora disclosed a data breach in a Type 8-Okay submitting with the SEC, stating that unauthorized events gained entry to its data techniques and exfiltrated private knowledge.
On the time, the corporate opted to not share any further data relating to the incident and its potential affect on its purchasers. Additionally, no ransomware teams ever assumed duty for the assault.
At this time, the California Lawyer Basic’s workplace printed a number of data breach notification samples submitted previously couple of days by among the largest pharmaceutical corporations in the US, all attributing their knowledge publicity to the February Cencora incident.
“Cencora, Inc. and its Lash Group affiliate associate with pharmaceutical firms, pharmacies, and healthcare suppliers to facilitate entry to prescribed therapies by way of drug distribution, free trial provides, co-pay coupons, affected person help and providers, and different providers,” reads a associated data breach notification from Novartis.
“We take the privateness and safety of the data entrusted to us very critically. Cencora is writing to let about an occasion that concerned your private data that Cencora maintains in reference to its affected person help packages on behalf of Novartis Prescription drugs Company.”
The eight corporations impacted by this breach, all utilizing virtually equivalent data breach notifications, are:
- Novartis Prescription drugs Company – One of many largest pharmaceutical firms globally, with a powerful presence in numerous therapeutic areas together with oncology, neuroscience, and immunology.
- Bayer Company – A big multinational firm with vital operations in prescription drugs, client well being, and agricultural merchandise.
- AbbVie Inc. – Recognized for its blockbuster drug Humira, AbbVie is a main participant in immunology and oncology.
- Regeneron Prescription drugs, Inc. – Notable for its progressive remedies in ophthalmology, oncology, and immunology.
- Genentech, Inc. – A member of the Roche Group, Genentech is a frontrunner in biotechnology and has made vital contributions to most cancers therapy.
- Incyte Company – Focuses on oncology and hematology, with key merchandise like Jakafi.
- Sumitomo Pharma America, Inc. – A part of the Sumitomo Pharma Co., Ltd., recognized for its various portfolio in psychiatry, neurology, and oncology.
- Acadia Prescription drugs Inc. – Focuses on central nervous system issues and has a smaller market presence than the others on this listing.
- GlaxoSmithKline Group – A world healthcare firm recognized for its wide-ranging portfolio in prescription drugs, vaccines, and client healthcare, with vital efforts in respiratory ailments, HIV, and immuno-inflammation.
- Endo Prescription drugs Inc.– Focuses on ache administration, urology, and endocrinology, with a notable presence in each branded and generic prescription drugs.
- Dendreon Prescription drugs LLC – Focuses totally on oncology, notably within the growth and commercialization of immunotherapy remedies for prostate most cancers.
The data breach notices warn that Cencora’s inside investigation, which concluded on April 10, 2024, confirmed that the next data had been uncovered: full identify, tackle, well being analysis, medicines, and prescriptions.
The letter notes that as of this time, there is not any proof that the exfiltrated data has been publicly disclosed on the web or that it has been used for fraudulent functions.
As a response to the elevated threat for uncovered people, Cencora is providing recipients two years of free identification safety and credit score monitoring providers by way of Experian, which they’ll reap the benefits of till August 30, 2024.
BleepingComputer has reached out to Cencora to be taught extra concerning the data breach incident in addition to the variety of individuals impacted, however a spokesperson declined to offer further particulars, pointing us to a information launch issued final week.
