It seems like data breach issues are very common these days, and what is even baffling about that is the fact that not a lot of people out there take this type of matter seriously. But thankfully, there has been serious action taken against the Cencora data breach, and that’s precisely what we’re seeing in this Cencora Class Action Lawsuit.
First Off, Who Are Cencora and The Lash Group?
Cencora is famously known in the pharma market. By their former name (AmerisourceBergen), they might be more familiar to you. They are involved in the transportation of medications and the management of confidential healthcare procedures in collaboration with healthcare professionals throughout the country.
The Lash Group is one of the Cencora subsidiaries that focuses on the patient support program. This in turn implies that the company handles a huge amount of private health-related data, which includes records of prescriptions, medical insurance, and so on.
And this is precisely where the trouble starts. You don’t see it?
What Happened, and When Did It Happen?
Initially, a data breach was the trigger for this entire crisis. Unauthorized users were able to infiltrate Cencora’s systems, and consequently, they were able to get hold of private and healthcare data.
- The breach itself occurred before February 2024.
- But Cencora didn’t report it until February 21, 2024, when they filed an official report with the SEC.
- On May 17, 2024, affected individuals started receiving notification letters.
That’s roughly a delay of three months between the time the breach was discovered and when the public was informed. Not really the best scenario.
After that, a law firm named Hammerco, located in Canada, made the announcement on September 4, 2024, that it had filed a class action lawsuit against not only Cencora but also their Canadian partner, Innomar Strategies.
Fast forward to September 2025, and there is a proposal for a $40 million settlement in the U.S.
What Kind of Data Was Exposed?
Unfortunately, this wasn’t just names and email addresses. The data breach involved highly sensitive health information, such as:
- Full names and addresses
- Prescription details
- Medical records and lab results
- Insurance and healthcare provider info
What actually makes this situation even serious is the fact that the incident had not only affected Cencora and The Lash Group. More than 15 most significant pharmaceutical corporations were involved in this mess, among which we can name Bayer, GSK, and Novartis, as they were utilizing Cencora to carry out patient programs.
And just so you know, as per the details that are already out, at least 540,000 people were directly affected; that’s just what we know so far. The actual number could be much higher.
Why the Lawsuit?
People were understandably upset. Here’s why the lawsuits were filed:
- Failure to protect personal data
- Delays in notifying affected individuals
It has been reported in America that Cencora and The Lash Group have been sued for failing to take quick action and not providing strong enough safeguards.
The accusations in Canada were pretty much the same. The lawsuit accuses both Cencora and Innomar Strategies of improper handling of private medical information.
Cencora, however, decided to settle the case as a matter of no contest, but not as an admission of any guilt, to stop the conflict from dragging on legally.
