Cencora, a U.S. pharmaceutical company, has notified those affected by a data breach that their personal and sensitive medical information was stolen during a cyberattack, according to Tech Crunch.
Letters were sent to the affected individuals earlier this week. In the letter, Cencora said data from its internal systems included patient names, date of birth, and their postal address. It also included sensitive information about their diagnosis and medications.
‘We take the privacy and protection of the information entrusted to us very seriously.’
The pharma juggernaut noted it had obtained patients’ important information through partnerships with drug makers. These include patients who receive services from Abbvie, Acadia, Bayer, Novartis, and Regeneron, according to the report.
Cencora has not yet released detailed information about the cyberattack, which reportedly started on February 21. The development was not made public until a week later, when the company filed a notice with government regulators about the situation.
Tech Crunch reported that a company known as AmerisourceBergen until 2023 handled around 20% of all pharmaceuticals sold across the country.
“Cencora, Inc. and its Lash Group affiliate partner with pharmaceutical companies, pharmacies, and healthcare providers to facilitate access to prescribed therapies through drug distribution, free trial offers, co-pay coupons, patient support and services, and other services,” a related data breach notification by Novartis read, according to Bleeping Computer.
“We take the privacy and protection of the information entrusted to us very seriously. Cencora is writing to let you know about an event that involved your personal information that Cencora maintains in connection with its patient support programs on behalf of Novartis Pharmaceuticals Corporation.”
Concora spokesperson Mike Iorfino did not say if the company knew specifically how many individuals were affected by the data breach. It is also not known how many people have been notified by the company.
The company noted that there is currently no evidence that the information obtained in the hack has been released to the internet or that it has been used for fraudulent purposes, per reports.
However, there is still an elevated risk to exposed individuals.
Cencora is now offering recipients of the letter two years of free identity protection and credit monitoring services through Experian, which they are able to accept until August 30, 2024.
The company has not revealed how much it spends on cybersecurity.
Like Blaze News? Bypass the censors, sign up for our newsletters, and get stories like this direct to your inbox. Sign up here!