1 min read

Lash Group data breach affects tens of thousands

Caitlin Anthoney May 31, 2024

Healthcare cybersecurity news
broken digital lock

Recently, the Lash Group, a division of Cencora (formerly AmerisourceBergen), disclosed a data breach that exposed tens of thousands of consumers' sensitive information.

 

What happened

The Lash Group discovered that an unauthorized party accessed and exfiltrated confidential information from its network. The data breach was identified on February 21, 2024, and involved sensitive patient data, including names, birth dates, health diagnoses, and medications. 

Affected individuals were those enrolled in patient support programs through major pharmaceutical companies such as Regeneron, AbbVie, Genentech, and GlaxoSmithKline. Lash Group began notifying affected individuals on April 10, 2024.

 

Going deeper

The Lash Group, established in 1986, is a division of Cencora (formerly known as AmerisourceBergen Corporation). It is headquartered in Fort Mill, South Carolina, and specializes in running patient support programs for pharmaceutical companies. These programs ensure that costly medications are accessible to qualifying patients, regardless of their ability to pay. 

 

What was said

The Lash Group’s Notice of Data Security Incident states, "There is no evidence that any of this information has been or will be publicly disclosed, or that any information was or will be misused for fraudulent purposes as a result of this incident, but we are communicating this so that affected individuals can take the steps outlined below to protect yourself.”

The statement also states that individuals shouldbe assured that we are also working with cybersecurity experts to reinforce our systems and information security protocols in an effort to prevent incidents like this from occurring in the future.”

Furthermore, Lash Group will offer affected individualsaccess to Experian IdentityWorksSM credit monitoring and remediation services for 24 months at no charge.”

 

By the numbers

The Lash Group currently operates over 100 patient support programs and has served more than 15 million patients. It generates approximately $845 million in annual revenue, with over 4,000 employees facilitating patient access to necessary medications and treatments.

Furthermore, the data incident was discovered on February 21, 2024, while affected individuals were notified by April 10, 2024.

 

Why it matters

Patients affected by this breach may face risks of identity theft and fraud. Victims should monitor their financial and medical records for suspicious activity by using the credit monitoring and identity theft remediation services provided.

Related: HIPAA Compliant Email: The Definitive Guide
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Microsoft logo

Microsoft reveals the sequence of events that led to a massive hacking event

Picture of Abby Grifno Abby Grifno : September 07, 2023

In July, Microsoft disclosed they had been breached by a Chinese hacking group, affecting over two dozen organizations. After an investigation, they...

Healthcare cybersecurity news
Read More
AT&T logo

AT&T data breach leaks info of over 70 million users to dark web

Picture of Farah Amod Farah Amod : April 02, 2024

In a recent incident, telecommunications giant AT&T discovered a data breach affecting over 70 million customers. The company has taken immediate...

Healthcare cybersecurity news
Read More
Person holding a tablet with neon icons showing file transfer between documents

Critical vulnerabilities identified in MOVEit Transfer and MOVEit Cloud

Picture of Dean Levitt Dean Levitt : June 15, 2023

Recent vulnerabilities discovered in MOVEit Transfer and MOVEit Cloud systems could pose a significant risk to the healthcare sector, where the...

Healthcare cybersecurity news
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.