Pharmaceutical giant's data breach exposes sensitive patient information

The American pharmaceutical giant Cencora was the victim of a data breach.

The company is notifying affected individuals that their personal and highly sensitive medical information was stolen in a cyberattack and data breach earlier this year.

This includes patients' names, mailing addresses, dates of birth, and information about their health diagnoses and medications.

GET SECURITY ALERTS, EXPERT TIPS – SUBSCRIBE TO KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

group of doctors

Doctors in discussion (Cencora)

What Happened: An Analysis of the Events

Cencora has not yet described the nature of the cyberattack. However, one report claims that the attack began on February 21 and was only made public when the company was informed. filed a notice with government regulators a week later, February 27.

The pharmaceutical company, known as AmerisourceBergen until 2023, handles about 20% of pharmaceutical products sold and distributed in the United States. It is unclear whether Cencora has determined how many people were affected by the breach. So far, the company has identified and notified approximately half a million people affected by the data breach. However, Cencora acknowledged that it did not have complete information on the addresses of some affected individuals and therefore published a notice on its website to contact them.

The cyberattack on pharmaceutical giant Cencora was revealed shortly after another attack that disrupted the Ascension hospital network. However, a Cencora spokesperson says there is “no connection” between the unauthorized activity at Cencora and the incidents at Change Healthcare or Ascension.

hospital

Emergency sign (Kurt “CyberGuy” Knutsson)

HOW TO DELETE YOUR PRIVATE DATA FROM THE INTERNET

Why should you care about the Cencora data breach?

Cencora is a major player in the healthcare industry in the United States. The $250 billion company partners with some of the largest pharmaceutical companies, including GlaxoSmithKline, Novartis, Genentech, Bayer, Regeneron and Bristol Myers Squibb. The breach affected at least 23 pharmaceutical and biotechnology companies, suggesting a broader impact than initially reported.

If you provided your data to one of these companies, the breach may have exposed it to the web. The number of people affected by the Cencora data breach is expected to be very high. Cencora says on its website that it has treated at least 18 million patients so far. It is quite possible that the breach exposed the data of all these patients.

The data breach may not cause immediate harm, but it's likely that your data is already in the hands of scammers on the dark web. They can use this data to scam, blackmail and harass you. Since the data breach also results in your address being leaked, fraudsters may attempt to scam you through the mail by asking for personal information or pretending to be a government authority.

CLICK HERE FOR MORE NEWS FROM US

pills

Doctor displaying medicines (Kurt “CyberGuy” Knutsson)

MASSIVE FREE VPN DATA BREACH EXPOSES 360 MILLION RECORDS

The consequences and the response

Cencora completed its investigation into the breach on April 10, 2024. As part of its response, Cencora is offering 24 months of credit monitoring and remediation services to individuals whose information was involved in the incident. It also appears that a ransom was paid to prevent leaked patient data from being made public.

Also a class action was filed against Cencora, alleging the company failed to properly protect patient data and delayed notifying affected individuals for nearly three months after discovering the breach.

We contacted Cencora for comment on this article, and a representative provided this statement:

“Cencora previously disclosed that data from its information systems had been exfiltrated. Upon initial detection of the unauthorized activity, we immediately took containment measures and opened an investigation with the assistance of security forces. order, cybersecurity experts and external counsel.

“Through our investigation, we have identified certain individuals whose personal information was involved in the incident. Although there is no evidence that any of the information was publicly disclosed or misused for any purpose fraudulent, we send notification to affected individuals and work to ensure they have access to resources to help them protect their information.

“The incident is fully contained and has not impacted our operations. We take the security of the information entrusted to us very seriously and continue to work with cybersecurity experts to strengthen our systems and protocols. information security.”

7 proactive steps to take in the face of cyberattacks in healthcare

If you believe you may have been affected by the Cencora data breach, follow these steps to protect yourself and your personal data.

1. Stay informed: Keep up to date with the latest news from Cencora and other trusted sources to know the status of systems and services.

2. Monitor your accounts and transactions: You should regularly check your online accounts and transactions for suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or authorities as soon as possible. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.

3. Use identity theft protection: Identity theft protection companies can monitor personal information such as your title deed, social security number, phone number and email address and alert you if it is used to open an account. They can also help you freeze your bank and credit card accounts to prevent unauthorized use by criminals. Check out my tips and top picks for protecting yourself against identity theft.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. Change your passwords: Although Cencora claims that your personal information such as your phone number and email address has not been disclosed, it is still advisable to change your passwords. Consider using a password manager to generate and store complex passwords.

5. Vigilance against phishing: Be extremely careful phishing attempts, as cyberattacks often lead to an increase in phishing emails and calls, attempting to exploit the situation. The best way to protect yourself from malicious links that install malware that can access your private information is to install strong antivirus protection on all your devices. This can also alert you to any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android, and iOS devices.

6. Be wary of mailbox communications: Bad actors may also try to scam you through postal mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that need urgent attention, such as missed deliveries, account suspensions and security alerts.

7. Invest in Data Removal Services: While no service promises to remove all of your data from the Internet, having a removal service is ideal if you want to continuously monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. long. Check out my top picks for data deletion services here.

Kurt's Key Takeaways

Cencora and recent cyberattacks on healthcare facilities suggest that there is a serious failure in their infrastructure. Criminals should not be able to exploit these systems so easily, especially when they contain crucial patient information. However, you can be careful on your part. A data breach is irreversible, but you can protect yourself from harm by being vigilant. Do not share your personal information with anyone and avoid clicking on links you do not trust.

CLICK HERE TO GET THE FOX NEWS APP

How do you assess the trustworthiness of websites and apps before providing your personal information? Let us know by writing to us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter by visiting Cyberguy.com/Newsletter.

Ask Kurt a question or tell us what stories you'd like us to cover.

Follow Kurt on his social networks:

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.

Source

Leave a Comment