Clinical Trials Hit by Ransomware Attack on Health Tech Firm

No patient was affected, but the incident was another reminder of the risks in increasingly common attacks on computer networks.


IQVIA, the contract research organization that helps manage AstraZeneca's Covid-19 vaccine trial, was one of the victims of the ransomware attack. Credit: Kristoffer Tripplaar / Sipa, via Associated Press

Written by Nicole Burleroth

October 3, 2020


A Philadelphia company that sells software used in hundreds of clinical trials, including massive efforts to develop tests, treatments and a vaccine for the coronavirus, has come under attack from ransomware that has slowed some of those trials over the past two weeks.

The previously unreported attack on eResearchTechnology, or ERT, began two weeks ago when employees discovered that they had been locked out of their data by ransomware, an attack that holds victims' data hostage until they pay to unlock it. ERT said clinical trial patients were never at risk, but clients said the attack forced experimental researchers to track their patients with pen and paper.

Among those affected were IQVIA, a contract research organization that helps manage AstraZeneca's Covid vaccine trial, and Bristol-Myers Squibb, the pharmaceutical company that is leading a group of companies to develop a rapid test for the virus.


ERT does not say how many clinical trials have been affected, but its software is being used in drug trials across Europe, Asia and North America. It was used in three-quarters of the trials that led to the drugs being approved by the Food and Drug Administration last year, according to its website.

On Friday, ERT's vice president of marketing, Drew Bustos, confirmed that ransomware had taken over its systems on September 20. As a precaution, Mr. Bustos said, the company shut down its systems that day, called in outside cybersecurity experts and reported the incident to the F.B.I.

“Nobody feels good about these experiences, but it has been contained,” said Mr. Bustos. He added that ERT began restarting its systems on Friday and plans to restart the remaining systems in the coming days.

Mr. Bustos said it was still too early to say who was behind the attack. He declined to say whether the company paid the extortionists, as many companies affected by ransomware do now.

The attack on ERT comes after another major ransomware attack last weekend on Universal Health Services, a major hospital chain with more than 400 locations, many of them in the United States.

NBC News first reported the attack on UHS on Monday, saying it appeared to be "one of the largest medical cyberattacks in US history".

These incidents came on the heels of more than a thousand ransomware attacks on US cities, counties and hospitals during the past eighteen months. The attacks, which have been treated as a nuisance, have become more urgent in recent weeks as US officials fear that they may interfere, directly or indirectly, in the November elections.

In recent weeks, a ransomware attack in Germany resulted in the first known death from a cyberattack, after Russian hackers seized 30 servers at a University Hospital in Düsseldorf, crashing systems and forcing the hospital to turn away emergency patients. As a result, German authorities said, a woman in a life-threatening condition was sent to a hospital 20 miles away in Wuppertal and died from delayed treatment.

One ERT customer, IQVIA, said it managed to limit problems because it had backed up its data. Bristol-Myers Squibb also said that the impact of the attack was limited, but other ERT clients had to move their clinical trials to pen and paper.

In a statement, IQVIA said the attack "had a limited impact on our clinical trial processes," and added, "We are not aware of any confidential data or patient information, related to our clinical trial activities, that has been removed, hacked or stolen."

Pfizer and Johnson & Johnson, two companies working on a coronavirus vaccine, said their coronavirus vaccine trials were unaffected.

Amy Rose, a spokeswoman for Pfizer, said: "ERT is not a provider of technology or otherwise involved in clinical trials of Pfizer's Phase 1/2/3 Covid-19 vaccine."

Companies and research laboratories on the front lines of the pandemic have been frequent targets of foreign hackers over the past seven months, as countries around the world try to gauge each other's reactions and progress in tackling the virus. In May, the F.B.I. and the Department of Homeland Security warned that Chinese government spies were actively trying to steal US clinical research through electronic theft.

"The healthcare, pharmaceutical and research sectors working on the response to Covid-19 must realize that they are the primary targets of this activity and take the necessary steps to protect their systems," the agencies said.

More than a dozen countries have redeployed military and intelligence infiltrators to gather what they can on other countries' reactions, according to security researchers.

Even countries that did not previously stand out for their cyber prowess, such as South Korea and Vietnam, have been categorized in recent security reports as countries involved in penetrating global health organizations in the pandemic.
