DataBreaches.Net


More than 540,000 patients notified so far about Cencora/Lash Group data breach (9)

Posted on May 24, 2024 (updated June 21, 2024) by Dissent

– Only partial numbers so far 

– Only partial list of clients so far

– No group has as yet claimed responsibility for the hack and data exfiltration

As the week draws to a close, clients of Cencora and The Lash Group have been submitting breach notifications to state attorneys general.

DataBreaches reported in February that Cencora (formerly AmerisourceBergen/Lash Group) had filed notice of a cybersecurity incident with the Securities and Exchange Commission:

On February 21, 2024, Cencora, Inc. (the “Company”), learned that data from its information systems had been exfiltrated, some of which may contain personal information. Upon initial detection of the unauthorized activity, the Company immediately took containment steps and commenced an investigation with the assistance of law enforcement, cybersecurity experts and external counsel.

As of the date of this filing, the incident has not had a material impact on the Company’s operations, and its information systems continue to be operational. The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.

Lash Group’s Substitute Notice

The Lash Group partners with pharmaceutical companies, pharmacies, and healthcare providers to facilitate access to therapies through drug distribution, patient support and services, business analytics and technology, and other services. Their substitute notice explains that based on their investigation, personal information including personal health information was affected, “including potentially first name, last name, date of birth, health diagnosis, and/or medications and prescriptions.” They add:

“There is no evidence that any of this information has been or will be publicly disclosed, or that any information was or will be misused for fraudulent purposes as a result of this incident, but we are communicating this so that affected individuals can take the steps outlined below to protect yourself.”

DataBreaches emailed Lash Group to ask, “Does Lash Group have any evidence or reason to believe that the information will NOT be publicly disclosed or misused? Did Lash Group or Cencora pay any ransom or extortion to try to protect the patient data?” Other questions requested the number of clients affected by this incident and whether Lash Group would disclose what threat actor or group was responsible for the attack.

There has been no reply by the time of publication, and no group has as yet publicly claimed responsibility for the attack.

Separately, and as reported by Reuters, Cencora’s unit, AmerisourceBergen Specialty Group, said the stolen information was in connection with a prescription supply program offered by its now-defunct subsidiary, Medical Initiatives Inc.

What we know so far

As of today, DataBreaches has identified 15 clients of Cencora/Lash Group that have already made notification to state attorneys general. Here are the clients identified so far with their partial numbers:

  • Abbott: 461 Texans + 10 Montanans
  • AbbVie: 54,344 Texans + 1087 Montanans
  • Acadia Pharmaceuticals: 753 Texans + 124 New Hampshire residents + 95 Montanans
  • Acrotech Biopharma: no numbers available
  • Alexion Pharmaceuticals: 2 New Hampshire + 4 Montanans
  • Alkermes: 9 Montanans
  • Amgen: 92,253 Texans + 5422 Montanans
  • AstraZeneca: 1 New Hampshire resident + 1 Montanan
  • Bausch & Lomb: 638 Texans + 5 Montanans
  • Bausch Health Companies Inc: 564 Texans + 8 Montanans
  • Bayer: 8,822 Texans + 398 Montanans
  • Bristol Myers Squibb and/or the Bristol Myers Squibb Patient Assistance Foundation: 256,237 Texans and 11,503 New Hampshire + 8388 Montanans
  • CareDx: no numbers available
  • Clovis Oncology: no numbers available
  • Dendreon: 2,923 Texans + 190 Montanans
  • Endo: 6 Montanans
  • Genentech: 5,805 Texans and 324 New Hampshire residents + 98 Montanans
  • GlaxoSmithKline Group of Companies and/or the GlaxoSmithKline Patient Access Programs Foundation: 5145 Montanans
  • Grifols: 31 New Hampshire residents + 38 Montanans
  • Heron Therapeutics: 2,081 Texans + 52 Montanans
  • Incyte Corporation: 2,592 Texans + 119 Montanans
  • Johnson Patient Assistance Foundation: 140,865 Texans + 5494 Montanans
  • Johnson & Johnson Services: 34,335 Texans + 1528 Montanans
  • Marathon Pharmaceuticals, LLC/PTC Therapeutics, Inc.: 466 Texans and 27 New Hampshire + 12 Montanans
  • Novartis Pharmaceuticals: 12,134 Texans + 383 Montanans
  • Otsuka America: 3,897 Texans + 69 Montanans
  • Pfizer: 8707 Texans
  • Pharming Healthcare, Inc.: 314 Texans and 9 New Hampshire + 13 Montanans
  • Purdue Pharma: 9 New Hampshire residents affected
  • Rayner Surgical: 2,063 Texans + 3 Montanans
  • Regeneron Pharmaceuticals: 91,514 Texans, 6,553 New Hampshire residents + 3767 Montanans
  • Sandoz, Inc.: 726 Texans + 9 Montanans
  • Sanofi US Services Inc.: 183,392 Texans + 6009 Montanans
  • Smith & Nephew: 25 New Hampshire residents + 1 Montanan
  • Stemline Therapeutics, Inc: 1 Montanan
  • Sumitomo Pharma America, Inc.: 24,102 Texans, 219 New Hampshire + 401 Montanans
  • Takeda Pharmaceuticals: 7,886 Texans + 91 Montanans
  • Tolmar: 1 New Hampshire resident + 3 Montanans
  • AmerisourceBergen Specialty Group, LLC (“ABSG”): 3 Montanans

In addition to the above, DataBreaches found 15 submissions to the Massachusetts Attorney General’s Office on behalf of clients, but the notification letters did not reveal the names of the client. Of the 15 entries, one was for 30,485 and one was for 36,626. All told, 70,516 Massachusetts residents were notified by Lash Group on behalf of clients.

With only partial numbers from some clients available, there are already 542,062 patients affected. When full numbers are revealed, the grand total for this incident will likely be significantly higher. (See UPDATES below)

Updated to include that stolen data was in connection with a prescription supply program offered by Cencora’s now-defunct subsidiary, Medical Initiatives Inc. and to correct that it was 15 entities already identified, not 14. 

Correction: A previous version of this post inadvertently named one entity as Genetech instead of Genentech.

Updates: The partial total is now 1,066,071 for 37 entities.

We will no longer be updating this page with totals.

 

Category: Blog, Hack, Health Data, Of Note, Subcontractor, U.S.
