Pharma Giant Cencora Confirms Data Breach During Cyberattack

Global healthcare solution provider Cencora disclosed a cybersecurity incident where unknown threat actors stole from its corporate IT systems.

The breach, which was discovered on February 21, 2023, is believed to contain some personal information. However, the company has not yet disclosed any details regarding the exfiltrated data.

In its SEC filing, the company said that it had immediately implemented remediation measures to contain the incident. “Upon initial detection of the unauthorized activity, the Company immediately took containment steps and commenced an investigation with the assistance of law enforcement, cybersecurity experts and external counsel,” the filing revealed.

In the filing, Cencora further went on to say that the incident has not yet had any material impact on its operations, and its internal network systems continue to operate as normal.

“The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” Cencora said.

Formerly AmerisourceBergen, Cencora an American pharmaceutical services company specializes in providing pharma solutions to healthcare organizations, animal care, and pharmacies, worldwide. With more than 46,000 employees, in fiscal year 2023, the company earned $262.2 billion in revenue.

In recent times, healthcare organizations have been quite susceptible to cyberattacks, due to the significant usage of IoT solutions.

In mid-December 2023, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA,) and the US Department of Health and Human Services (HHS), disclosed in a joint advisory that 70 leaked victims of ALPHV were affected from the healthcare industry.

Although the call is believed to be in response to the operational action against the group and its infrastructure by US law enforcement authorities, in early December 2023, ALPHV is steadfast in its onslaught against healthcare organizations.

On February 21, 2024, the group claimed to be behind the cyberattack against Change Healthcare. The incident which severely affected the healthcare services, across the US.