According to TechCrunch’s investigation, Cencora has alerted over a million individuals across the United States about the exposure of their sensitive and personal health data due to a security breach that occurred earlier this year.
In May, the pharmaceutical behemoth disclosed that an incident in February led to the unauthorized access of patient information, which was acquired through collaborations with pharmaceutical manufacturers associated with its patient assistance programs. Notable partners include AbbVie, Bayer, Pfizer, and Regeneron.
Formerly known as AmerisourceBergen until 2023, Cencora mentioned in its notice on the data breach that the exposed information comprises patient names, addresses, birth dates, along with details related to their health conditions, medications, and prescriptions.
To date, Cencora has not disclosed the specific cause of the data breach, including whether it was due to an external cyberattack or internal security inadequacies. Furthermore, Cencora has not verified the total number of people it has informed regarding the breach.
TechCrunch’s review of publicly available data breach notifications reveals that at least 1.43 million individuals have been notified by Cencora about their data being compromised in the February occurrence.
This analysis involved perusing data breach notifications on the websites of several state attorneys general in the U.S., such as those from Delaware, Iowa, Massachusetts, Montana, New Hampshire, Texas, and Washington. These disclosures often stem from either individual pharmaceutical companies or through Cencora’s parent company, Lash Group. Texas saw the highest number of notifications about the Cencora breach, with 1.05 million individuals being informed.
By mid-July, Cencora issued its latest breach notification, implying the company is ongoing in its efforts to alert impacted individuals.
The actual count of affected individuals might be significantly higher, as Cencora admits in its own breach notification that it cannot reach all impacted parties due to outdated contact information.
Earlier this year, Cencora reported serving over 18 million patients to date.
Cencora’s spokesperson, Mike Iorfino, when contacted via email last Friday, did not contest the figure but refrained from offering a precise number or further comments on the issue.
With the affected toll reaching 1.42 million, this breach is already among the most significant health information compromises of 2024, according to a listing by the U.S. Department of Health and Human Services (HHS).
According to the HHS’s 2024 log, major incidents include Kaiser notifying over 13.4 million individuals after unintentionally sharing personal and health information with advertisers, Sav-Rx alerting 2.8 million about their health information being pilfered in a cyberattack, and WebTPA informing 2.5 million customers about the theft of their insurance and Social Security details by cyber thieves.
Though the exact number of affected individuals is yet to be determined, the February ransomware assault on UnitedHealth’s subsidiary, Change Healthcare, is believed to be one of the most extensive health data breaches in U.S. history, potentially impacting at least 100 million residents.
Cencora has clarified that its data breach had “no connection” with the ransomware incident and data compromise at Change Healthcare.
Compiled by Techarena.au.
Fanpage:Â TechArena.au
Watch more about AI – Artificial Intelligence
