Network Security, Data Security, Privacy

Cencora reports data exfiltration in cyberattack on pharmaceutical giant

3d render, conveyor with the glass jars, modern pharmaceutical factory. Closeup of ampules are being filled with vaccine and closed with blue caps. Medical wallpaper

Yet another attack on the healthcare sector was reported this week when large pharmaceutical distributor Cencora disclosed that personal information was exfiltrated from its IT systems in a cyberattack.

In an 8-K filing with the Securities and Exchange Commission (SEC), the company said it first learned about the incident on Feb. 21 and it has not had a material impact on the company and has yet to determine whether it would have such an impact on the company's financial condition or operations.

Cencora, which was formally renamed in August from AmerisourceBergen to reflect its global presence, reported $260 billion in revenue for its fiscal year 2023 and employs more than 46,000 people.  

When asked about any links to the recent Change Healthcare case, in which ALPHV/BlackCat was reportedly the threat actor in an incident that disrupted pharmacy operations nationwide, a company spokesperson said: “they have no reason to believe there is a connection between the incident at Change and the unauthorized activity at Cencora.”

“While Cencora’s statement of no connection between their incident and Change Healthcare is certainly believable, for me it only means that Change’s computing resources were not used as a pivot point to launch an attack on Cencora,” said Toby Gouker, chief security officer at First Health Advisory.

Cyberattacks on healthcare will continue

The attack against Cencora highlights the different sections of the healthcare industry that continue to be a massive target for cybercriminals, said Darren Williams, founder and CEO of BlackFog. By targeting providers of access and supply chain efficiencies, there will surely be a ripple effect felt in many places throughout the country, said Williams. 

“It’s also concerning to see that hackers exfiltrated data and even more so that the type of data stolen is not yet disclosed,” said Williams. “Once hackers successfully exfiltrate data, there’s no stopping them from implementing double and triple extortion attacks, going after not only individual members of the company, but any patients or customers whose data was also stolen. As extortion continues to be the tactic of choice for attackers, we must focus on preventing data exfiltration in the first place.” 

Bud Broomhead, chief executive officer at Viakoo, said healthcare organizations are clearly targets, and because they are heavy users of IoT devices and applications, they are often more vulnerable than other organizations. Broomhead added that healthcare organizations are very attractive to threat actors because of the wide range of IoT device and applications used, ranging from systems like EPIC all the way to security cameras, printers, and access control systems. 

“This is unlike the ongoing Optum ransomware issues, which has had devastating impacts on the ability of healthcare organizations to provide pharmaceuticals,” said Broomhead. “However, whether it’s for data theft or the ability to create havoc by disrupting delivery of healthcare services, threat actors will continue to target healthcare.” 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.