cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

11 big pharma firms affected in Cencora cyber attack

A February attack on a US pharmaceutical solutions company has resulted in almost a dozen drug companies disclosing their own data breaches.

user icon Daniel Croft
Mon, 27 May 2024
11 big pharma firms affected in Cencora cyber attack
expand image

On 21 February, Cencora discovered unauthorised activity on its systems and that data had been exfiltrated.

“As of the date of this filing, the incident has not had a material impact on the company’s operations, and its information systems continue to be operational,” the company said in a 28 February breach notification.

“The company has not yet determined whether the incident is reasonably likely to materially impact the company’s financial condition or results of operations.”


Now, 11 drug companies that partner with Cencora have disclosed data breaches of their own. These include:

  1. Bayer Corporation – major pharmaceutical firm known for the origin and first marketing of aspirin.
  2. Novartis Pharmaceuticals – one of the largest pharmaceutical companies in the world.
  3. Regeneron Pharmaceuticals Inc – known for ophthalmology, oncology and immunology treatments.
  4. AbbVie Inc – the creator of Humira, used to treat rheumatoid arthritis, among other things.
  5. Incyte Corporation – developer of drugs like Jakafi which is used to treat a type of bone marrow cancer called myelofibrosis.
  6. Genentech Inc – a leader in biotechnology which has made strides in the treatment of cancer.
  7. Sumitomo Pharma America Inc – specialises in neurology, oncology, and psychiatry.
  8. GlaxoSmithKline Group – a global organisation catering to a wide range of medical treatments such as vaccines, pharmaceuticals and consumer healthcare.
  9. Acadia Pharmaceuticals Inc – creates treatments for central nervous system disorders.
  10. Endo Pharmaceuticals Inc – develops medication for areas such as urology, endocrinology and pain management.
  11. Dendreon Pharmaceuticals LLC – specialises in oncology and developing immunotherapy treatments for prostate cancer.

According to data breach notifications published by the California Attorney General’s office from the affected companies, the Cencora cyber incident was the catalyst for their own breaches.

The 11 groups have published similar data breach notifications, with heavy input from Cencora affiliate partner Lash Group, which notified the organisations of the incident on 18 April.

“Based on our investigation, personal information was affected, including potentially your first name, last name, address, date of birth, health diagnosis, and/or medications and prescriptions,” reads the Bayer notification.

“There is no evidence that any of this information has been or will be publicly disclosed, or that any information was or will be misused for fraudulent purposes as a result of this incident, but we are communicating this to you so that you can take the steps outlined below to protect yourself.”

Now, the US data breach class action law firm Console & Associates is preparing class actions against the affected companies and has invited those affected to reach out.

“Our data breach lawyers are eager to speak to victims of the Bayer data breach to determine what damages they sustained and what compensation may be available to them,” says the Bayer class action page. There are also pages for Novartis, AbbVie, Genentech and more.

“Victims can file a data breach class action lawsuit if you recently received a NOTICE OF DATA BREACH from Bayer or the Lash Group.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.