U.S. pharmaceutical giant Cencora has revealed that a cyberattack earlier this year resulted in the theft of personal and highly sensitive medical information of affected individuals. In letters sent out this week, Cencora disclosed that the stolen data includes patient names, addresses, dates of birth, health diagnoses, and medication information.
The company, formerly known as AmerisourceBergen, stated that the data was obtained through partnerships with drug makers like Abbvie, Acadia, Bayer, Novartis, and Regeneron. The cyberattack, which began on February 21, was not publicly disclosed until a week later when the company notified government regulators on February 27.
Cencora has not specified the number of individuals affected by the breach but has notified approximately half a million individuals so far. The company serves at least 18 million patients and expects the number of affected individuals to be significantly higher.
This incident adds to a series of cyberattacks targeting the U.S. healthcare sector, including recent breaches at UnitedHealth-owned Change Healthcare and Ascension. Cencora emphasized that there is no connection between its breach and those at other healthcare organizations.
Despite generating $262 billion in revenue in 2023, Cencora has not disclosed its cybersecurity spending. Spokespeople for the affected drug makers have not commented on the breach. Novartis confirmed being aware of the incident but did not provide details on the number of affected patients.