Cencora says additional patient data stolen in February cyberattack

Cencora says additional patient data stolen in February cyberattack is profiled by BTW Media because published evidence links it to internet infrastructure, governance, operational dependencies, or market visibility.

• U.S. drug distributor Cencora has confirmed that additional sensitive patient data was stolen in a February cyberattack, including personally identifiable and health information.
• The company is working with cybersecurity experts to strengthen its defences, and there is no evidence the data has been publicly disclosed.

OUR TAKE
This incident underscores the persistent cyber threats facing healthcare providers and the need for robust security measures. Cencora’s proactive response is commendable but highlights the importance of continuous vigilance and investment in cybersecurity to protect sensitive patient data. Other firms should take heed and reinforce their own defences.
–Vicky Wu, BTW reporter

What happened

U.S. drug distributor Cencora has revealed that additional sensitive patient data, beyond what was initially reported, had been stolen in a cyberattack and data breach that occurred in February. The company initiated an investigation into the incident earlier this year and has now completed its review of most of the exfiltrated data. Cencora confirmed that the compromised data included personally identifiable information and protected health information of individuals, primarily related to those supported by a subsidiary of the company. Affected individuals and relevant regulatory agencies have been notified as required, according to a regulatory filing.

While Cencora continues to review the data, it has assured stakeholders that there is no evidence suggesting the data has been or will be publicly disclosed. The company is actively working with cybersecurity experts to enhance its surveillance and defences against future threats. Despite the breach, Cencora maintains that the incident has not had a material impact on its operations.

Also read: Indonesian cyberattack exposes rising threats in Southeast Asia

Also read: A cyberattack knocked out the heating system in Lviv, Ukraine

Why it’s important

This incident highlights the ongoing threat that cyberattacks pose to healthcare companies and the sensitive data they handle. As Cencora is a significant player in the pharmaceutical distribution sector, the breach could undermine trust among patients and healthcare providers who rely on the company for secure handling of personal and health-related information.

It also underscores the importance of robust cybersecurity measures in protecting sensitive data. Cencora’s proactive response, including notification to affected parties and regulatory agencies, demonstrates compliance with data protection regulations and a commitment to transparency. However, the fact that additional data was compromised after the initial discovery raises concerns about the effectiveness of the company’s initial response and the potential vulnerabilities in its systems.

Moreover, the event serves as a reminder to other healthcare providers and pharmaceutical companies to continuously evaluate and strengthen their cybersecurity protocols. With the increasing reliance on digital systems for patient care and record-keeping, the risk of data breaches remains a critical concern. Companies must remain vigilant and invest in advanced security measures to protect against such incidents and safeguard patient information.