Leading drug distributor Cencora has revealed a cybersecurity incident in which data from its information systems was compromised, potentially containing personal information.
The breach was discovered on February 21, 2024, according to a Securities and Exchange Commission (SEC) filing released the same day.
“Upon initial detection of the unauthorized activity, the Company immediately took containment measures and initiated an investigation with the assistance of law enforcement, cybersecurity experts and external counsel,” indicates the file.
Cencora specializes in pharmaceutical services, distributing medications and solutions for medical practices, pharmacies and veterinary care. The company had revenue of $262.2 billion in fiscal 2023 and has approximately 46,000 employees.
“Healthcare organizations are very attractive to bad actors due to the wide range of IoT devices and applications in use, ranging from systems like EPIC to security cameras, printers and access control systems “, commented Viakoo CEO, Bud Broomhead.
“IoT security is often considered the weakest element of an organization’s security; Seeing visible efforts by healthcare organizations to improve their IoT security will give confidence to patients, shareholders and employees who are victims of cyberattacks.
Learn more about IoT security: Half of IT leaders identify IoT as a security weakness
As of the filing date, Cencora states that the incident has not had a material impact on its operations and that its systems remain operational.
However, the company has also “not yet determined whether the incident is reasonably likely to have a material impact on (its) financial condition or results of operations.”
According to Claude Mandy, chief data security evangelist at Symmetry systemsIt is concerning, although not entirely unexpected, that Cencora cannot conclusively confirm whether the exfiltrated data contains personal information.
“The lack of visibility into the data held by organizations is leading to mass adoption of modern data security tools,” Mandy said.
Cencora said updates on the investigation will be provided in accordance with regulatory requirements.