Cencora detected a cyberattack on 21 February 2024. Attackers exfiltrated patient data from its patient support program platform used by major pharmaceutical clients including AbbVie, Bayer, Genentech, Incyte, Novartis, and Regeneron, among others — eventually totalling 27 pharma companies breached via Cencora’s systems. Stolen data: patient names, postal addresses, dates of birth, health diagnoses, and medication information for 1,430,000+ individuals. No ransomware group claimed responsibility; security researchers believe a ransom was paid silently. $40 million class action settlement reached. Supply chain vector as the pharma companies themselves were not directly breached.