On May 20, 2024, Lash Group filed a notice of data breach with the multiple state attorney general offices disclosing a data breach affecting information provided to the Lash Group by Genentech, Inc. In this notice, Lash Group explains that the incident resulted in an unauthorized party being able to access Genentech consumers’ sensitive information, which includes their names, dates of birth, addresses, medical diagnoses, and prescription medications. Upon completing its investigation, Lash Group began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Lash Group about information you provided to Genentech, likely in relation to a patient assistance program, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Lash Group data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach Affecting Genentech Patients?
The Lash Group data breach was only recently announced, and we expect that additional information will be available in the near future. However, for now, Lash Group’s various filings with state attorney general offices provide some background information on what led up to the breach, who was affected, and what data types were involved.
According to these sources, Lash Group maintains a partnership with Genentech. As a result of this partnership, Genentech provides Lash Group with certain information about consumers who take Genentech medications.
On April 10, 2024, Lash Group confirmed that an unauthorized party was able to access its computer network through a cyberattack. Lash Group was able to determine that the unauthorized party had access to confidential information belonging to individuals who gave their information to Genentech.
After learning that sensitive Genentech data was accessible to an unauthorized party, Lash Group reviewed the leaked files to identify what information was leaked and who was impacted. On April 18, 2024, Lash Group notified Genentech that some of the files that were compromised contained Genentech data. While the breached information varies depending on the individual, it may include your name, date of birth, address, medical diagnoses, and prescription medications.
On May 20, 2024, Lash Group sent out data breach letters to those Genentech patients whose information was affected by the recent breach. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Lash Group and Genentech
Founded in 1986 and based in Fort Mill, South Carolina, Lash Group is a division of Cencora (formerly AmerisourceBergen Corporation). Lash Group provides patient access services to pharmaceutical companies. Lash Group has more than 4,000 employees and generates roughly $845 million in annual revenue.
Founded in 1976, Genentech, Inc. is a biotechnology company based out of South San Francisco, California. Genentech is widely recognized as the first biotechnology company. Genentech became a member of the Roche Group in March 2009. Genentech employs more than 13,500 people and generates approximately $2.9 billion in annual revenue.
