Cencora Pays Record $75M Ransom in Major Cyberattack

Cencora Inc., the drug distributor formerly known as AmerisourceBergen, became the victim of a significant cyberattack that resulted in the company paying an unprecedented $75 million ransom, making it the largest known cyber extortion payment ever recorded.

The payment, made in Bitcoin in three installments, was completed in March. Initially, the hackers demanded $150 million. The breach was discovered in February, with Cencora confirming the theft of sensitive data. However, the company has chosen not to comment further on the specifics of the attack beyond what was disclosed in regulatory filings.

In its July quarterly report, Cencora disclosed $31.4 million in “other” expenses for the nine months ending June 30, primarily due to the cybersecurity breach. These costs likely cover investigation and mitigation efforts. The company has been informing individuals and authorities about the breach, which involved stolen personal data. Despite the significant ransom payment, there is no assurance that the stolen data will remain undisclosed.

The $75 million payment follows a trend where cybercriminals target critical sectors like healthcare, which are perceived as high-value targets. The payment also underscores the increasing financial stakes in cyber extortion, with Cencora’s payment far exceeding the previous high of $40 million paid by CNA Financial in 2021.

Industry experts argue that such massive payouts could make the healthcare sector an even more attractive target for future attacks.

Cencora has asserted that the incident will not materially affect its financial condition or operations. However, the effectiveness of paying such a large ransom remains contentious, as there is no guarantee that the hackers will not misuse the stolen data or disclose it publicly in the future.

Cybersecurity experts warn that paying ransoms may not fully resolve the threat, likening it to paying a burglar in hopes of recovering stolen goods.