UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, DC 20549
FORM
(Amendment No. 1)
CURRENT REPORT
Pursuant to Section 13 or 15(d)
of the Securities Exchange Act of 1934
Date
of Report (Date of earliest event reported):
(Exact name of registrant as specified in its charter)
Commission File Number:
(State or other jurisdiction of |
(I.R.S. Employer | |
incorporation or organization) | Identification No.) | |
|
| |
(Address of principal executive offices) |
(Zip Code) |
(
(Registrant’s telephone number, including area code)
Not Applicable
(Former name or former address, if changed since last report.)
Securities registered pursuant to Section 12(b) of the Act:
Title of each class | Trading Symbol(s) | Name of exchange on which registered |
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).
Emerging growth company
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ¨
Explanatory Note
This Amendment No. 1 (the “Amendment”) amends the Current Report on Form 8-K filed by Cencora, Inc. (the “Company”) with the Securities and Exchange Commission on February 27, 2024 (the “Original Report”).
Item 1.05 | Material Cybersecurity Incidents. |
In the Original Report the Company disclosed that it learned, on February 21, 2024, that data from its information systems had been exfiltrated, some of which may contain personal information. Upon initial detection of the unauthorized activity, the Company immediately took containment steps and commenced an investigation with the assistance of law enforcement, cybersecurity experts and external counsel.
Through that investigation, the Company learned that additional data, beyond what was initially identified, had been exfiltrated. The Company has identified and completed its review of most of the exfiltrated data (the “Data”). This review has confirmed that the Data included personally identifiable information (“PII”) and protected health information (“PHI”) of individuals, most of which is maintained by a Company subsidiary that provides patient support services.
For PII and PHI discovered in the Data to date, the Company has provided required notifications to potentially affected parties and individuals as well as regulatory agencies. The Company continues to review the Data and it intends to provide any additional required notifications to affected and potentially affected parties and appropriate regulatory agencies. The Company has no evidence that any of the Data has been or will be publicly disclosed.
The Company believes it has contained the incident, and the Company has undertaken remediation efforts, which are ongoing. As part of its remediation efforts, the Company is working with cybersecurity experts to reinforce its systems, strengthen its surveillance of cybersecurity threats and prevent unauthorized occurrences on or conducted through its IT systems.
The incident has not had a material impact on the Company’s operations, and its information systems have continued to be fully operational. The Company does not believe the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.
Forward-Looking Statements
Certain of the statements contained in this Current Report on Form 8-K are “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended (the “Securities Exchange Act”). Words such as “aim,” “anticipate,” “believe,” “can,” “continue,” “could,”, “estimate,” “expect,” “intend,” “may,” “might,” “on track,” “opportunity,” “plan,” “possible,” “potential,” “predict,” “project,” “seek,” “should,” “strive,” “sustain,” “synergy,” “target,” “will,” “would” and similar expressions are intended to identify forward-looking statements, but the absence of these words does not mean that a statement is not forward-looking. These statements are based on management’s current expectations and are subject to uncertainty and changes in circumstances and speak only as of the date hereof. These statements are not guarantees of future performance and are based on assumptions and estimates that could prove incorrect or could cause actual results to vary materially from those indicated. A more detailed discussion of the risks and uncertainties that could cause our actual results to differ materially from those indicated is included in (i) the “Risk Factors” and “Management’s Discussion and Analysis” sections in the Company’s Annual Report on Form 10-K for the fiscal year ended September 30, 2023 and elsewhere in that report and (ii) other reports filed by the Company pursuant to the Securities Exchange Act. The Company undertakes no obligation to publicly update or revise any forward-looking statements, except as required by the federal securities laws.
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
Cencora, Inc. | |||
July 31, 2024 | By: | /s/ James F. Cleary | |
Name: | James F. Cleary | ||
Title: | Executive Vice President and Chief Financial Officer |