article featured image


The healthcare company AmerisourceBergen confirmed a data breach in the IT system of one of its subsidiaries. The announcement comes after a post on the Lorenz ransomware extortion site. In that post, the threat actor claims to be exfiltrated data from the pharmaceutical distributor.

AmerisourceBergen has over 42,000 employees in the United States, Canada, and the UK and other 150 offices worldwide. The company is a drug distributor, a medical business consultant, and a services provider for patients.

What We Know Until Now

The Lorenz ransomware gang posted on its extortion site information that apparently comes from the AmerisourceBergen data breach.

The healthcare company stopped the intrusion and now they are investigating if the hackers have stolen any important data. In other words, they cannot confirm yet if the leaked data is genuine or not.

AmerisourceBergen’s internal investigation quickly identified that a subsidiary’s IT system was compromised. We immediately engaged the appropriate teams to limit the intrusion, contained the disruption and took precautionary measures to ensure all systems were and are now clear of any intrusions.

This was an isolated incident and we are in the process of investigating to determine whether any sensitive data was compromised. We take our responsibility to protect data very seriously and continue to secure and strengthen our networks to prevent any future issues.

AmerisourceBergen, for BleepingComputer

The file from the extortion site is posted with a previous date, November 1, 2022, suggesting that the incident took place a while back, however the data was posted just now.

Lorenz Ransomware Group

The Lorenz ransomware group chooses to get inside organizations’ networks by leveraging critical flaws in Mitel telephony systems. After the initial access, the threat actor remains silent for months and then exfiltrates and encrypts files using a backdoor.

AmerisourceBergen Healthcare Company Has Been Breached


Even though Lorenz does not carry out a lot of ransomware attacks, they target big firms. As a result, every incident has a major impact. Among its victims that suffered exfiltration of internal documents is the multinational defense contractor Hensoldt.

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.

Do you work for an NHS Trust? Heimdal is giving you free ransomware licenses to combat growing cyber attacks.

Get your free ransomware protection here.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.

Leave a Reply

Your email address will not be published. Required fields are marked *