Cencora Data Breach

data breach

In February 2024, Cencora, a pharmaceutical company providing services such as drug distribution, specialty pharmacy, consulting, and clinical trial support, announced a data breach in a Form 8-K filing with the SEC. They reported that unauthorized individuals had infiltrated their information systems and extracted personal data.

At that point, the company refrained from providing further specifics about the breach or its potential impact on clients. Recently, the California Attorney General's office disclosed several data breach notifications from major pharmaceutical firms in the U.S., all linked to the February Cencora incident.

The impacted companies include:

• Bayer Corporation
• Novartis Pharmaceuticals
• Regeneron Pharmaceuticals Inc.
• AbbVie Inc.
• Incyte Corporation
• Genentech Inc.
• Sumitomo Pharma America Inc.
• GlaxoSmithKline Group
• Acadia Pharmaceuticals Inc.
• Endo Pharmaceuticals Inc.
• Dendreon Pharmaceuticals LLC

Cencora's internal investigation revealed that the breached information exposed full names, addresses, health diagnoses, medications, and prescriptions.