A recent cyberattack on healthcare services has been disclosed by US drug distributor Cencora, revealing a significant breach compromising highly sensitive medical data.
According to Reuters, the company notified affected individuals, stating that personal and highly sensitive medical information was stolen during the cyberattack earlier this year. The incident dates back to February when Cencora initially reported a cybersecurity incident, raising concerns about data theft from its information systems.
While the company assured there is no evidence of the compromised information being publicly disclosed or misused for fraudulent purposes, it has taken proactive measures to address the situation. Cencora is working diligently to ensure affected individuals have access to resources to safeguard their information. This includes notifying those involved in the breach and providing support to protect their data.
In addition to Cencora, other healthcare entities have also been targeted by cyberattacks this month. Ascension Health, a nonprofit health system based in St. Louis, recently disclosed a cyberattack that disrupted its clinical operations. The organization quickly engaged cybersecurity experts to investigate the incident and mitigate its impact on patient care delivery.
Similarly, MedStar Health, a health network provider, confirmed a major data breach involving unauthorized access to patient data. Reports indicate that the MedStar Health breach potentially exposed information from 183,709 patients, including names, insurance details, and addresses. Despite a forensic examination finding no misuse, patients were advised to monitor their statements for any irregularities.
Last week, Prudential Financial also suffered a cyberattack, discovering that hackers compromised its systems one day earlier. The investigation into the data theft incident is currently ongoing. Additionally, the Los Angeles County Department of Mental Health reported a data breach, exposing sensitive patient information due to an employee falling victim to a phishing email. The compromised data includes names, dates of birth, addresses, phone numbers, Social Security numbers, and medical record numbers. To address the breach, the department enlisted a forensic firm to conduct a thorough assessment. Efforts are underway to notify affected individuals, with a focus on reaching all impacted clients despite challenges posed by incomplete addresses.
During a Senate hearing, UnitedHealth's CEO Andrew Witty confirmed the payment of a $22 million ransom to the hacker group BlackCat. The ransom was paid following a hacking incident in February targeting the subsidiary Change Healthcare. CBS News reports that providers face daily losses estimated at $100 million due to ongoing disruptions, according to First Health Advisory, a digital health risk assurance firm.