Pharmaceutical services titan Cencora, formerly recognized as AmerisourceBergen, has unveiled a distressing episode of cyber intrusion wherein threat actors pilfered data from its corporate IT systems.
Cencora, renowned for its extensive pharmaceutical distribution network catering to doctor’s offices, pharmacies, and animal healthcare facilities, boasted a formidable fiscal prowess with $262.2 billion in revenue for the fiscal year 2023, and a labor force of approximately 46,000 individuals.
In a formal submission via a Form 8-K to the Securities and Exchange Commission (SEC), Cencora acknowledged falling prey to a cyber incursion that culminated in data exfiltration.
“On February 21, 2024, Cencora, Inc. (the “Company”), learned that data from its information systems had been exfiltrated, some of which may contain personal information,” stated the SEC filing.
Cencora has asserted prompt containment of the incident and has embarked on a collaborative effort with law enforcement agencies, external cybersecurity specialists, and legal advisors to delve into the matter.
Upon detecting the unauthorized activity, the company swiftly executed containment measures and initiated an inquiry with the aid of law enforcement, cybersecurity professionals, and external legal counsel.
While Cencora has not yet ascertained whether the incident will have a material impact on its financial standing or operational functions, the company remains vigilant in its investigation.
Responding to queries from BleepingComputer, Cencora redirected attention to the statement within the SEC filing, confirming, however, that their cyber ordeal is disconnected from the Optum Change Healthcare ransomware attack, which has precipitated substantial disruptions in pharmaceutical billing.
“We have no reason to believe there is a connection between the incident at Change and the unauthorized activity at Cencora,” asserted Cencora in a statement to BleepingComputer.
At present, there exists no additional information regarding the identity of the perpetrators behind the breach at Cencora, with no ransomware syndicates laying claim to the act.