Pharmaceutical company Cencora has been the latest victim of a cyber-attack, confirming that sensitive personal and health data was exfiltrated in February 2024. In an updated filing to the US Securities and Exchange Commission (SEC) on July 31, Cencora revealed that additional data, beyond the initial findings, had also been compromised. This included personally identifiable information (PII) and protected health information (PHI) of individuals, most of which is managed by a subsidiary company offering patient support services.
The company has taken proactive steps to notify potentially affected individuals and will continue to provide necessary notifications as they delve deeper into the exfiltrated data. However, the filing did not disclose the exact number of people impacted or the name of the subsidiary firm involved in the breach. Fortunately, there is no evidence suggesting that the stolen data has been misused or made public by the attackers.
Cencora is confident that the incident has been contained, and they are actively working on remediation efforts with cybersecurity experts to strengthen their systems and enhance surveillance of potential cybersecurity threats. Despite the breach, the company assures that its operations have not been severely impacted, and its information systems remain fully functional.
The cyber-attack on Cencora is just one of many incidents targeting healthcare services in 2024, with a significant impact on patient care across the industry. Earlier in the year, the Change Healthcare ransomware attack resulted in delays in prescription services and disruptions to patient care, affecting millions of Americans by exposing their personal data.
Another ransomware attack on US private healthcare provider Ascension in May forced ambulances to be diverted and patient appointments to be rescheduled, causing further strain on an already overwhelmed healthcare system. The recent ransomware attack on US blood donation center OneBlood has significantly impacted their ability to collect, test, and distribute blood to hospitals in the Southeastern US, prompting an urgent public appeal for blood donations.
In the UK, a ransomware attack on pathology provider Synnovis in June has severely disrupted NHS hospital services, highlighting the growing threat of cyber-attacks on critical healthcare infrastructure worldwide. These incidents underscore the urgent need for healthcare organizations to prioritize cybersecurity measures and invest in robust defense mechanisms to safeguard sensitive patient information and ensure uninterrupted delivery of essential services.
As the healthcare sector continues to grapple with the escalating threat of cyber-attacks, concerted efforts must be made to enhance cybersecurity resilience, implement stringent data protection protocols, and foster collaboration between industry stakeholders to effectively combat this pervasive and evolving threat landscape. Only through collective vigilance and proactive risk mitigation strategies can healthcare providers safeguard patient data, maintain service continuity, and uphold public trust in the face of escalating cyber threats.