Cencora Inc. has encountered a significant cybersecurity setback, as disclosed in a recent SEC filing. Uncovered on February 21, 2024, the breach involved unauthorized access to Cencora’s information systems, raising concerns about potential exposure of personal data.
Cencora Inc., formerly recognized as AmerisourceBergen, is a popular American drug wholesale company and a contract research organization, a result of the merger between Bergen Brunswig and AmeriSource back in 2001.
Cencora Data Breach Confirmed: Sensitive Data Accessed
Prompt action followed the detection of the Cencora data leak, as the organization initiated containment measures while launching a thorough investigation in collaboration with law enforcement, cybersecurity experts, and external legal counsel.
The company’s commitment to transparency led to the disclosure of the incident through an SEC filing, emphasizing its dedication to addressing the situation head-on.
Despite the gravity of the Cencora data breach, the organization affirmed that its operational integrity remained intact, with its information systems remaining functional. While the full extent of the breach’s impact on financials and operations remains undetermined, the company assured stakeholders that it’s actively monitoring the situation.
The Cyber Express also reached out to Cencora to learn more about this cybersecurity incident, including the involvement of any ransomware groups. However, at the time of writing this, no official statement or response has been received, except for the SEC filing released last week.
Similar Cyberattacks on the Healthcare Industry
Following the Cencora data breach, the organization took prompt and thorough actions to contain the incident and commenced an internal investigation to understand its full impact. However, this incident is not isolated, as recent cyberattacks have targeted medical entities.
On February 22, Change Healthcare disclosed that it had discovered a cyber attack and as a part of the response, disconnected its systems to mitigate further harm. The company emphasized its commitment to safeguarding partners and patients.
In an SEC filing, Change Healthcare, headquartered in Nashville, Tennessee, disclosed its engagement with an external cyber forensics firm and its notification of relevant authorities and potentially affected parties.
The company assured that the cyber attack appeared to be limited to its systems and had not spread to other organizations within the UnitedHealth Group.
Change Healthcare identified the suspected perpetrator as a nation-state threat actor but remained uncertain about their motives. Despite the attack, all other systems within UnitedHealth Group remained operational.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.