Malware & Ransomware Protection

Cencora Data Breach Demonstrates the Risks Facing Pharmaceutical Companies

rectangle Written by: Sotero rectangle 2 5 min read

Data breaches against pharmaceutical companies are slightly less common than many other industries. This infrequency, especially related to retail, healthcare, and financial services, does not make successful attacks any less damaging. In fact, pharmaceutical data breaches may be less common but they are on average far more costly than many other industries. The average cost of a data breach in pharmaceuticals was $4.82 million in 2023, according to IBM’s Cost of a Data Breach report. This makes pharma breaches the third costliest, right behind healthcare at number 1 and financial services at number 2.

The recent Cencora data breach is indicative of the type of damage in a pharmaceutical data breach. On February 21, 2024, Cencora, previously known as AmerisourceBergen, learned that “data from its information systems had been exfiltrated, some of which may contain personal information,” according to a Securities and Exchange Commission 8-K filing.

This blog will examine the attack and offer guidance on how companies can defend themselves against data exfiltration now and in the future.


Overview of the Attack

Cencora, called AmerisourceBergen until August 2023, offers pharmaceutical services, such as drug distribution and solutions for doctor’s offices, pharmacies, and animal healthcare. The company had $262.2 billion in revenue for fiscal year 2023, with about 46,000 employees throughout its different divisions.

There are scant details about the attack right now, but in a statement the company said there was no connection to the Optum/Change Healthcare ransomware attack from AlphV/Black Cat that’s caused issues with pharmaceutical billing.

In the SEC filing, Cencora said that it took immediate containment steps once it noticed the breach and is now working with outside cybersecurity experts and law enforcement to investigate and contain the potential damage of the breach. It’s too early in the investigation right now for Cencora to determine whether there will be a material impact on their corporate financials, but that may not be known for quite some time.

No one has taken responsibility for the attack, according to news reports on the breach, but this would not be the first time that Cencora had been breached. In February 2023 the Lorenz ransomware group claimed to breach the company when it was operating as AmerisourceBergen. More details will likely emerge about the attack, especially in light of the new SEC cybersecurity incident reporting requirements.

Why Pharmaceutical Companies Should Take Care

Pharmaceutical companies like Cencora make an attractive target for cybercriminals. The combination of personal data related to patient billing information and health information, as well as intellectual property about innovative drugs, biologics, or medical devices, means there is a wealth of potentially valuable data in pharmaceutical company servers.

Losing control over this data can have huge financial consequences and spark a loss of trust among end-user consumers and medical professionals. Research and development costs in the pharmaceutical industry can run anywhere from $161 million to more than $4 billion per drug. This includes drugs that do and do not make it to market and through regulatory approvals. Only 12% of drugs are actually approved for sale, making developing a new one very costly.

The theft of pharmaceutical intellectual property can thus have a substantial impact on company revenue. This makes it imperative that pharmaceutical companies take steps to defend their critical data.


How Sotero Can Help Defend Critical Pharmaceutical Data

Traditional data breach protection is reactive. An attack in progress, like the Cencora breach, is noticed and defenders then take action to lock down any potential impact. Then incident responders conduct root cause analysis to determine how the attack occurred and potentially close down any security vulnerabilities.

Sotero takes a proactive approach instead. Its machine learning algorithms empower customers to analyze each data access request at the moment it’s made, and then review and categorize them based on threat potential. This analysis is performed in real time by a self training machine learning model that detects and stops threats nearly instantly.

The Sotero platform combines data security posture management and data detection and response (DDR), with continuous monitoring and robust ransomware protection across all data architectures. Blending these technologies into a single platform empowers security teams with the ability to automatically discover and classify data, ensure critical data is protected at the highest level, manage access to sensitive information, and meet necessary data compliance standards all from a single platform.

Sotero has extensive experience defending critical pharmaceutical data, as demonstrated with the results of our top 10 pharmaceutical client who seamlessly protects sensitive data within collective data sets while maintaining the ability to collaborate and analyze data. Additionally, in depth tracking and monitoring of all access and utilization keeps our client in alignment with the many different regulatory data privacy standards that they must comply with.

With Sotero, companies can be confident that their data is secure and they’re able to control access to sensitive information.

To learn more about Sotero, request a demo today.



cyber resilience,




Subscribe to our Blog

Take a look at a truly encrypted future, with no data left unsecure.

Request a Live Demo.

Schedule a live one-on-one
demo of Sotero.

Book Demo