Almost a dozen pharmaceutical companies, including several major players, have lost sensitive customer data due to a supply chain cyberattack that trickled down from pharma giant Cencora.
In late February 2024, drug wholesale company Cencora (previously known as AmerisourceBergen) filed a Form 8-K with the Securities and Exchange Commission (SEC), reporting a data breach incident, without going into too many details.
Now, BleepingComputer has found 11 pharmaceutical companies, all submitting almost identical breach notification letters to the California Attorney General’s office, and all claiming a data breach as a result of the Cencora incident.
Identity theft and phishing
The affected companies are Novartis Pharmaceuticals Corporation, Bayer Corporation, AbbVie, Regeneron Pharmaceuticals, Genentech, Incyte Corporation, Sumitomo Pharma America, Acadia Pharmaceuticals, GlaxoSmithKline Group, Endo Pharmaceuticals, and Dendreon Pharmaceuticals.
The companies lost customers’ full names, postal addresses, health diagnoses, medications, and prescriptions.
At this time, there doesn't appear to be any evidence of data misuse, however, since there is genuine risk of identity theft, phishing, and other forms of attacks, the exposed individuals will be offered two years of free identity protection and credit monitoring through Experian.
Cencora’s investigation, which apparently concluded in mid-April 2024, found the incident to be a data smash-and-grab, rather than a ransomware attack - so the company does not expect the attack to have a significant effect on its operations or financial status. However, there is always the possibility of a class-action lawsuit, or the EU investigating if there was a breach of GDPR.
Cencora is a pharmacy behemoth with more than 46,000 employees, and roughly $262.2 billion in revenue, in 2023 alone. It is based out of Pennsylvania and operates in some 50 countries around the world. While all 11 of the victims are pharma giants, Novartis can be singled out as one of the world’s biggest companies in the industry, with significant operations in oncology, neuroscience, and immunology.
More from TechRadar Pro
- BreachForums hacking forum admin sentenced to 20 years supervised release
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now