DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cencora confirms patient health info stolen in February attack

Posted on August 2, 2024 by Dissent

Over on Bleeping Computer, Lawrence Abrams reports that Cencora confirmed that protected health information was involved in the February cyberattack in its recent SEC filing,

As DataBreaches previously reported, a number of Cencora—-Lash Group’s clients disclosed that personal and protected health information (PHI) was involved when they sent out notifications to their patients in May and June.  Cencora’s recent confirmation really didn’t reveal anything new about the types of information, however, as dozens of Lash Group clients had already sent out notification letters months ago that made clear that PHI was involved.

Abrams also notes speculation that Cencora paid the $75 million ransom discovered by Zscaler earlier this year. Lash Group, Cencora’s subsidiary, included a statement in its substitute notice providing some support for this hypothesis: “There is no evidence that any of this information has been or will be publicly disclosed, or that any information was or will be misused for fraudulent purposes as a result of this incident.” Other support for the hypothesis stems from the fact that no group ever claimed responsibility for the attack and no data has ever leaked.

As previously reported, DataBreaches emailed Lash Group in May to ask, “Does Lash Group have any evidence or reason to believe that the information will NOT be publicly disclosed or misused? Did Lash Group or Cencora pay any ransom or extortion to try to protect the patient data?”

Cencora replied with a generic media statement that was non-responsive, so DataBreaches repeated the email inquiry. There was no reply. Bleeping Computer has also been able to get a reply to the question.

Related posts:

  • More than 540,000 patients notified so far about Cencora/Lash Group data breach (9)
Category: Health DataSubcontractorU.S.

Post navigation

← Malaysia introduces data breach notification system to combat scams
Why Did Change Health Lowball Its 1st Breach Report to Feds? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.