Any Freepers get a notice from "Cencora?"

[LouAvul]

It's a form letter from Cencora and its Lash Group partner, with pharma companies. They say they had a data breach 2/21/24 and patient's data may have been leaked.

They're letting clients know "what information was potentially involved.." The "potential" information was Bob's (not the real name; it's a relative of mine) first name, last name, address, date of birth, health diagnosis, and or prescriptions.

Page two says their solution is to provide two years Experian services (which includes notifications of activity, etc). Then they go into a lengthy description of Experian and how they can help.

It sounds like a scheme to promote premium services for a credit reporting company but, I don't know.

I trust FR and just wanted to see if you've gotten such an offer. Thank you.

[AppyPappy]

It sounds phishy. Possibly a scam. Your first stop is Google to see if it is true. Don’t click on any links. If there is a link, you need to see the URL to see if it points to the actual site.

[Responsibility2nd]

It sounds like their offer of Experian services is worse than the potential loss due to the data breach. No thanks.

[z3n]

Then they go into a lengthy description of Experian and how they can help.

~~~

I’m really sick of hearing crap like this.

Sending people to Experian for help is not enough. It’s a bandaid at best. It’s reactive and doesn’t fix or compensate for the damage that was done.

[KrisKrinkle]

“I trust FR...”

Trust but verify.

[Dartoid]

I received a letter as well. In the past couple of years I have gotten similar letters from multiple businesses including AT&T. This letter from Cencora was especially offensive in that it obviously was written by attorney’s trying to cover themselves. Data breaches are frequently caused by weakest security link (people).

All that said, I was provided free credit monitoring via Experion from a previous breach. It is a good service and useful. This offer from Cencora is standard offering when companies have a breach. Minimal CYA from them.

[Blurb2350]

It seems to be standard practice nowadays to offer some sort of Experian-type service after a data breach. Perhaps doing so frees the breached company from any sort of legal liability. (What happens when Experian is hacked?)

[Robert DeLong]

Contact them directly:

Cencora contact Page

The breach claim is a valid claim:

May 24, 2024: US pharma giant Cencora says Americans’ health information stolen in data breach

U.S. pharmaceutical giant Cencora says it is notifying affected individuals that their personal and highly sensitive medical information was stolen during a cyberattack and data breach earlier this year.

In letters to affected individuals sent out this week, Cencora said that the data from its systems includes patient names, their postal address and date of birth, as well as information about their health diagnoses and medications.

The pharma giant said it had initially obtained patients’ data through partnerships with the drug makers it works with “in connection with its patient support programs.” That includes patients of AbbVie, Acadia, Bayer, Novartis, Regeneron, and other companies

But if you have any doubts, contact them personally, first to be sure.

Search results page to show all of the hits on this topic

[Gaffer]

https://www.jdsupra.com/legalnews/cencora-provides-notice-of-data-breach-2211310/

[Sequoyah101]

Nope.

Until we put our lives in a digital world we hardly ever had identity theft. I have more passwords than Carter has little pills.

[ransomnote]

2 Dozen Pharmaceutical Companies Affected by Cencora Cyberattack

Posted By Steve Alder on May 27, 2024

Cencora, Inc. (formerly AmerisourceBergen), and its Lash Group affiliate, have been affected by a cyberattack. Cencora announced the attack in a February 2024 filing with the Securities and Exchange Commission (SEC); however, at that point, the extent of the data breach had yet to be determined although Cencora did confirm in the SEC filing that data was exfiltrated in the attack.

Cencora is a Conshohocken, PA-based company that partners with pharmaceutical firms, healthcare providers, and pharmacies and offers drug distribution, patient support and services, business analytics and technology, and other services. Around 20% of pharmaceutical products sold and distributed in the United States are handled by Cencora.

Last week, clients of Cencora and The Lash Group started notifying state Attorneys General about the data breach. The total number of affected clients has not yet been confirmed but the breach is known to have affected at least 24 pharmaceutical and biotechnology companies and involved the theft of the personal data of hundreds of thousands of individuals. Based on the notifications sent to state Attorneys General so far, the following pharmaceutical and biotechnology companies have been affected:

• Abbot
• AbbVie Inc.
• Acadia Pharmaceuticals Inc.
• Amgen Inc.
• Bausch Health Companies Inc.
• Bayer Corporation
• Bristol Myers Squibb Company and Bristol Myers Squibb Patient Assistance Foundation
• Dendreon Pharmaceuticals LLC
• Endo Pharmaceuticals Inc.
• Genentech, Inc.
• GlaxoSmithKline Group of Companies and the GlaxoSmithKline Patient Access Programs Foundation
• Heron Therapeutics, Inc.
• Incyte Corporation
• Johnson & Johnson Services, Inc.& Johnson & Johnson Patient Assistance Foundation, Inc.
• Marathon Pharmaceuticals, LLC/PTC Therapeutics, Inc.
• Novartis Pharmaceuticals Corporation
• Otsuka America Pharmaceutical, Inc.
• Pfizer Inc.
• Pharming Healthcare, Inc.
• Rayner Surgical Inc.
• Regeneron Pharmaceuticals, Inc
• Sandoz Inc.
• Sumitomo Pharma America, Inc. / Sunovion Pharmaceuticals Inc.
• Takeda Pharmaceuticals U.S.A., Inc.
• Tolmar

[SunkenCiv]

• Democrat who blamed GOP and Trump for 'Hinduphobic' messages has been arrested by Texas Rangers for alleged race hoax [06/14/2024]
• A Poor Reason to Be a Trump-Hater [06/14/2024]

  ---

• Hunter Biden drops laptop lawsuit against Rudy Giuliani [06/14/2024]

  ---

• The Feds Are Itching to J6 Us Again [06/14/2024]

  ---

• RNC declares 'victory' in judge ruling on Michigan secretary of state's signature verification rule [06/14/2024]
  • Judge: Michigan Secretary Of State's Lax Ballot Signature Guidance Is Unconstitutional [06/13/2024]
  • Entrapment in play as appeals court looks at plot to kidnap Michigan governor [06/12/2024]
  • Michigan school board member: Teachers should be allowed to refer students for secret abortions [06/11/2024]
  • Church Leader at Televangelist Mark Barclay's Michigan Church Facing Additional Charges [06/07/2024]
  • Trapped in a psych ward: Michigan doc pre-signed blank forms that can rob you of your freedom [06/05/2024]

  ---

• US supreme court strikes down federal ban on 'bump stock' devices for guns [06/14/2024]
• Gun Control Group has Negligent Discharge at Police Station [06/14/2024]

  ---

• 2 years after overturning Roe, SCOTUS preserves pill that helps kill unborn children [06/14/2024]

  ---

• The Plague of Ideas [06/14/2024]
• Masked thief holds man at gunpoint, chokes and robs him inside NYC elevator: video [06/14/2024]
• I'm your huckleberry [06/14/2024]
• Report: Undercover Israeli Agents, Including Women, Hid in Gaza for Weeks Before Hostage Rescue [06/14/2024]
• Mother: Female Israeli Hostages Kept as 'Slaves' in Gaza 'Luxury Villa [06/14/2024]

  ---

• South Africa to Launch 'Government of National Unity' with Leading Opposition Party [06/14/2024]

[LouAvul]

Thank you.

[LouAvul]

Thank you.

[ProtectOurFreedom]

"It sounds like a scheme to promote premium services for a credit reporting company"

Nope, it was a true data breach.

2 Dozen Pharmaceutical Companies Affected by Cencora Cyberattack

From AmerisourceBergen / Lash Group: Notice of Data Security Incident

Their offer of two years of credit monitoring is Standard Operating Procedure for companies that have had data breaches. Lots of good it will do the affected consumers, though.

If it's any mild consolation, at least credit card numbers weren't stolen. But loss of private medical data is worrisome.

[ProtectOurFreedom]

“It’s a bandaid at best. It’s reactive and doesn’t fix or compensate for the damage that was done.”

Exactly right. Big deal — they pay for a service you can use to see if the crooks are using your data. What the hell good does that do if the crooks steal your money, your identity and your health? It’s a useless, feel-good, liberal palliative.

[ShadowAce]

It's probably legit. It's happened to me in the past. I signed up for Experian for two years, and they monitored my credit.

Nothing happened, so I let it lapse. It's free for that time period.

[algore]

“It seems to be standard practice nowadays to offer some sort of Experian-type service after a data breach. Perhaps doing so frees the breached company from any sort of legal liability. (What happens when Experian is hacked?)”

https://www.techradar.com/news/identity-thieves-crack-major-experian-security-flaw-access-customer-credit-reports

[higgmeister]

Not Cencora and its Lash Group partner, but I have had letters like that with data breaches and they indicate that they have contracted with Experian for two years, blah blah blah.   I just file the letter and don't worry about it.

[JimRed]

Your first stop is Google to see if it is true.

And we'd believe anything from Google, because???