Cencora Inc., a prominent healthcare organization in the United States, recently faced a major setback in terms of cybersecurity. The company reported a significant data breach in a recent SEC filing, which was uncovered on February 21, 2024. This breach involved unauthorized access to Cencora’s information systems, raising concerns about the potential exposure of personal data.
Formerly known as AmerisourceBergen, Cencora Inc. is a well-known drug wholesale company and a contract research organization, resulting from the merger between Bergen Brunswig and AmeriSource in 2001.
In response to the data breach, Cencora took immediate action by implementing containment measures and launching a comprehensive investigation in collaboration with law enforcement, cybersecurity experts, and external legal counsel. The organization’s commitment to transparency led to the disclosure of the incident through an SEC filing, demonstrating its dedication to addressing the situation head-on.
Despite the severity of the breach, Cencora assured stakeholders that its operational integrity remained intact, with information systems remaining functional. While the full impact of the breach on financials and operations is still uncertain, the company stated that it is actively monitoring the situation.
When reached out for further insights on the cybersecurity incident, including the involvement of any ransomware groups, Cencora did not provide any additional official statement or response beyond the SEC filing released last week.
The data breach at Cencora is not an isolated incident within the healthcare industry. Other similar cyberattacks have targeted medical entities in recent times. For instance, on February 22, Change Healthcare disclosed that it had experienced a cyber attack and disconnected its systems to mitigate further damage. The company, headquartered in Nashville, Tennessee, emphasized its commitment to protecting partners and patients.
In its SEC filing, Change Healthcare revealed its collaboration with an external cyber forensics firm and its communication with relevant authorities and potentially affected parties. The company confirmed that the cyber attack was contained within its systems and had not spread to other organizations within the UnitedHealth Group.
The suspected perpetrator of the attack was identified as a nation-state threat actor, although their motives remained unclear. Despite the incident, all other systems within the UnitedHealth Group continued to function without disruption.
In conclusion, the cybersecurity incidents at Cencora Inc. and Change Healthcare highlight the ongoing threat posed by cyber attacks in the healthcare industry. As organizations continue to strengthen their security measures and responses, vigilance and prompt action remain crucial in mitigating the risks associated with data breaches and cyber threats.