Pharma giant Cencora is alerting millions about its data breach

Date:

Share post:


Cencora has so far notified over a million people around the U.S. that their personal and protected health information was compromised in a data breach earlier this year, TechCrunch has found.

The pharmaceutical giant in May said that a February incident resulted in the compromise of patients’ data, which Cencora obtained through partnerships with drug makers it works with in connection with its patient support programs. Some of those drug makers include AbbVie, Bayer, Pfizer, and Regeneron.

Cencora, known as AmerisourceBergen until 2023, says in its data breach notice that the compromised data includes patient names, their postal address and date of birth, as well as information about their health diagnoses, medications and prescriptions.

The pharma giant has so far declined to describe what led to the data breach, such as whether the incident was caused by malicious hackers or a security lapse within the organization. Cencora has also refused to confirm the number of individuals it has notified about the data breach.

TechCrunch’s analysis of published data breach notifications shows Cencora has notified at least 1.43 million individuals that their data was compromised in the February incident.

Our analysis involved searching data breach notices published on the websites of several U.S. state attorneys general, including Delaware, Iowa, Massachusetts, Montana, New Hampshire, Texas, and Washington. These states require companies affected by a data breach to publicly disclose the specific number of their state’s residents to be notified. (Many of the data breach notices are either filed on behalf of each individually affected pharma company, or filed by way of Cencora’s parent company, Lash Group.) Texas had the most number of people notified about the Cencora breach, standing at 1.05 million individuals at the time of writing.

Cencora submitted its most recent data breach notice to affected individuals in mid-July, suggesting that the pharma giant is still alerting those whose data was taken.

The number of people affected by the data breach is likely to be far higher. Cencora conceded in its own data breach notice that it cannot notify everyone affected as it does not have up-to-date address information to send notices.

Cencora said earlier this year that it has served at least 18 million patients to date.

When reached by email on Friday, Cencora spokesperson Mike Iorfino did not dispute the number of individuals it has notified so far, but declined to provide a more accurate figure, or comment on the matter.

With 1.42 million people affected, this data breach already ranks as one of the largest compromises of health-related information in 2024 so far, per a list of data breaches published by the U.S. Department of Health and Human Services (HHS).

According to HHS’ running tally for 2024 alone, health insurance giant Kaiser notified more than 13.4 million after inadvertently sharing patients’ personal and health information with advertisers; prescription management company Sav-Rx notified 2.8 million that their health information was stolen in an earlier cyberattack; and health benefits administrator WebPTA told 2.5 million individuals that cybercriminals had stolen their insurance information and Social Security numbers.

Although the number of affected individuals has yet to be revealed, the February ransomware attack on UnitedHealth’s health tech subsidiary, Change Healthcare, likely stands as one of the largest health-related data breaches in U.S. history, affecting a “substantial proportion of people in America” — likely at least a hundred million U.S. residents.

Cencora, for its part, has said that its data breach had “no connection” to the ransomware attack and data breach at Change Healthcare.



Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

WhatsApp rolls out voice message transcripts

WhatsApp announced on Thursday it’s rolling out voice message transcripts. The Meta-owned company says the new feature...

Threads adjusts its algorithm to show you more content from accounts you follow

After several complaints about its algorithm, Threads is finally making changes to surface more content from people...

Spotify tests a video feature for audiobooks as it ramps up video expansion

Spotify is enhancing the audiobook experience for premium users through three new experiments: video clips, author pages,...

Candela brings its P-12 electric ferry to Tahoe and adds another $14M to build more

Electric passenger boat startup Candela has topped off its most recent raise with another $14 million, the...

OneRail’s software helps solve the last-mile delivery problem

Last-mile delivery, the very last step of the delivery process, is a common pain point for companies....

Bill to ban social media use by under-16s arrives in Australia’s parliament

Legislation to ban social media for under 16s has been introduced in the Australian parliament. The country’s...

Lighthouse, an analytics provider for the hospitality sector, lights up with $370M at a $1B valuation

Here is yet one more sign of the travel industry’s noticeable boom: a major growth round for...

DOJ: Google must sell Chrome to end monopoly

The United States Department of Justice argued Wednesday that Google should divest its Chrome browser as part...