London: U.S. drug distributor Cencora said on Wednesday that additional data on patients, beyond what was initially identified, had been stolen in a cyberattack and data breach in February.
The company launched an investigation into the data breach upon first learning about it earlier this year.
Cencora has completed its review of most of the exfiltrated data and confirmed that it included personally identifiable data and protected health information of individuals, most of which was maintained by a subsidiary providing patient support services.
The company has notified potentially affected individuals and regulatory agencies as required, according to a regulatory filing.
The drug distributor continues to review the data and intends to notify affected and potentially affected parties of any additional required notifications.
Cencora said it has no evidence that the data has been or will be publicly disclosed and is working with experts to strengthen its surveillance of cybersecurity threats.
The incident has not had a material impact on its operations, Cencora said.
(Reporting by Sneha S K in Bengaluru; Editing by Sriraj Kalluvila and Tasim Zahid)
