04 October 2020

Ransomware

The New York Times reports that ResearchTechnology (ERT), a US provider of software used in clinical trialss, was hit by a ransomware attack that has slowed some of those trials over the past two weeks. ERT is reported as stating that clinical trial patients were never at risk, with the Times commenting that customers said the attack forced trial researchers to track their patients with pen and paper. 

 Among those hit were IQVIA, the contract research organization helping manage AstraZeneca’s Covid vaccine trial, and Bristol Myers Squibb, the drugmaker leading a consortium of companies to develop a quick test for the virus. 

ERT has not said how many clinical trials were affected, but its software is used in drug trials across Europe, Asia and North America. It was used in three-quarters of trials that led to drug approvals by the Food and Drug Administration last year, according to its website. 

On Friday, Drew Bustos, ERT’s vice president of marketing, confirmed that ransomware had seized its systems on Sept. 20. As a precaution, Mr. Bustos said, the company took its systems offline that day, called in outside cybersecurity experts and notified the Federal Bureau of Investigation. 

“Nobody feels great about these experiences, but this has been contained,” Mr. Bustos said. He added that ERT was starting to bring its systems back online on Friday and planned to bring remaining systems online over the coming days.

Bustos is reported as saying it is still too early to say who was behind the attack and declined to say whether ERT paid its extortionists, "as so many companies hit by ransomware now do". 

 The Times notes that another major ransomware attack last weekend, on major hospital chain Universal Health Services (2019 revenue US$11.4bn) which operates at 400 locations. The UHS media release states

an information technology security incident in the early morning hours of September 27, 2020. As a result, the Company suspended user access to its information technology applications related to operations located in the United States. xxx The Company has implemented extensive information technology security protocols and is working diligently with its security partners to restore its information technology operations as quickly as possible. xxx In the meantime, while this matter may result in temporary disruptions to certain aspects of our clinical and financial operations, our acute care and behavioral health facilities are utilizing their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively. xx At this time, we have no evidence that patient or employee data was accessed, copied or misused.