Pharma giant’s data breach exposes patients’ sensitive information

US pharmaceutical giant Cencora has been affected by a data breach. The company is notifying affected individuals that their personal and highly sensitive medical information was stolen during a cyberattack and data breach earlier this year. This includes patient names, postal addresses, dates of birth, as well as information about their health diagnoses and medications.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

Cencora

 

What happened: A breakdown of events

Cencora has not yet described the nature of the cyberattack. However, a report claims the attack began on February 21 and was not publicly disclosed until the company filed notice with government regulators a week later on February 27.

The pharmaceutical company, known as AmerisourceBergen until 2023, handles around 20% of the pharmaceuticals sold and distributed throughout the US. It’s unclear if Cencora has determined how many individuals are affected by the breach. The company says it has identified and notified roughly half a million individuals impacted by the data breach so far. However, Cencora acknowledged that it lacks complete address information for some affected people, so it published a notice on its website to reach them.

The cyberattack on pharmaceutical giant Cencora came to light shortly after another attack that disrupted Ascension’s hospital network. However, a Cencora spokesperson says that there’s “no connection” between the unauthorized activity at Cencora and the incidents at Change Healthcare or Ascension.

 

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

 

Why should you care about the Cencora data breach?

Cencora is a major player in the US healthcare industry. The $250-billion firm partners with some of the largest pharmaceutical companies, including GlaxoSmithKline, Novartis, Genentech, Bayer, Regeneron, and Bristol Myers Squibb. The breach has affected at least 23 pharmaceutical and biotechnology companies, suggesting a broader impact than initially reported.

If you provided any of these companies with your data, it’s possible that the breach has exposed it to the web. The number of individuals affected by the Cencora data breach is expected to be very high. Cencora states on its website that it has served at least 18 million patients to date. It’s quite possible that the breach might have exposed the data of all these patients.

There may not be immediate harm from the data breach, but chances are your data is already in the hands of scammers on the dark web. They can use this data to scam, blackmail, and harass you. Since the data breach also leaks your address, scammers may try to scam you through the mail by asking for personal information or pretending to be a government authority.

 

MASSIVE FREE VPN DATA BREACH EXPOSES 360 MILLION RECORDS  

 

The aftermath and response

Cencora completed its investigation into the breach on April 10, 2024. As part of its response, Cencora is offering 24 months of credit monitoring and remediation services to individuals whose information was involved in the incident. There is also an indication that a ransom may have been paid to prevent the leaked patient data from being released to the public.

Also, a class-action lawsuit has been filed against Cencora, alleging the company failed to properly safeguard patient data and delayed notifying affected individuals for nearly three months after discovering the breach.

We reached out to Cencora for a comment on this article, and a rep provided this statement:

 

 

 

7 proactive steps to take in the face of healthcare cyberattacks

If you think you have been affected by the Cencora data breach, follow these steps to protect yourself and your personal data.

1) Stay informed: Keep up-to-date with the latest news from Cencora and other reliable sources to know the status of the systems and services.

 

2) Monitor your accounts and transactions: You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.

 

3) Use identity theft protection: Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

up to 1 million dollars to cover losses and legal feesUS-based case manager helps you recover any losses

CyberGuy’s Exclusive Offer:

Best identity theft protection services 2024

 

4) Change your passwords: Although Cencora says your personal details like phone number and email address haven’t been leaked, it’s still advisable to change your passwords. Consider using a password manager to generate and store complex passwords.

 

5) Vigilance against phishing: Be extra cautious of phishing attempts, as cyberattacks often lead to an increase in phishing emails and calls, trying to exploit the situation. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have strong antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams.

Best Antivirus Protection 2024

 

6) Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.

 

7)

Special for CyberGuy Readers (60% off): 175+ data brokers

Get Incogni here

Kurt’s key takeaways

Cencora and the recent cyberattacks on healthcare institutions suggest there’s a serious lapse in their infrastructure. Criminals shouldn’t be able to exploit these systems so easily, especially when they contain crucial information about patients. However, you can be cautious on your end. A data breach cannot be reversed, but you can protect yourself from harm by being vigilant. Do not share your personal information with anyone, and avoid clicking on links you don’t trust.

How do you evaluate the trustworthiness of websites and apps before providing your personal information? Let us know in the comments below.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

Voter beware: Text scam targets you, no matter where you live

Hide and lock your apps on your iPhone with iOS 18

Windows users are being tricked by sneaky malware scheme