Several pharmaceutical firms, including major players, lost sensitive client data after a supply chain cyberattack originating from Cencora. In late February 2024, Cencora, formerly known as AmerisourceBergen, notified the SEC of a data breach incident. BleepingComputer discovered that 11 pharmaceutical companies, including Novartis Pharmaceuticals Corporation, Bayer Corporation, and others, reported similar breaches linked to the Cencora incident to the California Attorney General’s office.
The compromised data included customers’ names, addresses, health details, and prescriptions. While there’s no evidence of data misuse yet, affected individuals face risks like identity theft and phishing. They’ll receive two years of free identity protection and credit monitoring from Experian. Cencora’s investigation concluded it was a data smash-and-grab, not ransomware, likely having minimal impact on operations or finances.
However, there’s a potential for lawsuits or GDPR investigations. Cencora, a Pennsylvania-based company with over 46,000 employees and $262.2 billion revenue in 2023, operates in 50 countries. Novartis, among the affected giants, is a major player in oncology, neuroscience, and immunology.
