top of page


  • Tech Journalist

US pharma giant Cencora confirms sensitive health data was stolen in February breach

U.S. drug distributor Cencora, formerly AmerisourceBergen, is in the spotlight after revealing that a data breach earlier this year compromised the personal and medical information of a yet-to-be-determined number of Americans. Letters sent to affected individuals this week confirmed the theft of sensitive data, including names, addresses, dates of birth, diagnoses, and medication details.

The pharmaceutical company revealed that it had initially obtained patients’ data through partnerships with the drug makers it works with including Abbvie, Acadia, Bayer, Novartis, and Regeneron.

Cencora initially disclosed the cybersecurity incident in February, stating that some information within their systems might have been stolen. However, the company remained tight-lipped regarding the nature of the cyberattack and the extent of the breach. This lack of transparency has drawn criticism, particularly in light of the sensitive nature of the exposed data.

Health information breaches pose a significant risk to individuals, as stolen data can be used for fraudulent purposes such as obtaining prescriptions or medical services. The compromised diagnoses could also be used to discriminate against individuals when applying for insurance or employment.

Worse, cybercriminals can target data breach victims and demand ransom in return for not leaking private medical information.

While Cencora has not revealed the exact number of affected individuals, some reports suggest it could be substantial. The company handles around 20% of the pharmaceuticals sold and distributed throughout the United States. So far, half a million individuals have been notified of the breach.

The news comes amidst growing concerns about cybersecurity threats within the healthcare industry. This incident follows a cyberattack on major insurer UnitedHealth earlier this year, highlighting the vulnerability of patient data.

Cencora has yet to disclose how many individuals have been notified, and questions remain regarding the specifics of the cyberattack. The company has assured those affected that it will offer free credit monitoring and identity theft protection services. However, the potential consequences of this data breach are significant, and many are left wondering how Cencora plans to prevent similar incidents in the future.


bottom of page