A ransomware attack has hit eResearch Technology, a US medical software company that supplies pharma companies with tools for conducting clinical trials, including trials for COVID-19 vaccines.
The attackers may be financially motivated or could be backed by a nation-state looking to gain advantage, researchers think.
The attack on eResearch Technology potentially slowed down coronavirus research globally, & researchers suggest a nation-state player could be behind the incident.
Says reports, the cyber-attack on the Philadelphia company has slowed down those trials over the past 2 weeks, as researchers were had to switch to pen & paper for tracking patient data.
ERT on its website notes that its software is being used in drug trials, & that it was involved in tracking 75% of drug-approval trials run by the FDA last year. It has not disclosed how many of its customers have been affected by the ransomware attack, or which ransomware strain is responsible.
New York Times
According to the New York Times, which broke the story over the weekend, IQVIA & Bristol Myers Squibb were both affected by the incident. The 1st is a contractor helping with AstraZeneca’s COVID-19 vaccine trial, & the latter drug-maker is leading a collaborative effort to develop a better rapid test for the virus.
Both said that because of data backups, the impact of the attack was reduced. Other ERT customers, however, were not as lucky, observed the Times.
Drew Bustos, ERT’s VP of Marketing, has confirmed that the attacks started on Sept. 20, after which systems were taken offline. The company is now in ‘recovery mode’ he commented, & the threat is “contained,” so ERT is slowly bringing systems back into operation.
Pfizer and Johnson & Johnson
Pfizer & Johnson & Johnson, both of which are working on a COVID-19 vaccine, announced that their trials were not affected by the attack. IQVIA meanwhile issued a statement explaining, “We are not aware of any confidential data or patient information, related to our clinical trial activities, that have been removed, compromised or stolen.”
“Healthcare organisations are a prime target for ransomware, as they contain sensitive patient data,” commented James McQuiggan, Security Awareness Advocate at KnowBe4. “For large, profitable organisations, cyber-criminals know that they have the means to pay the ransom after their data is stolen.
Unfortunately, cyber-criminals are stealing intellectual property to auction it to the dark web to increase their financial profits from the attack.”
While it is not clear what the motivation behind this ransomware attack ultimately was, it is known that attacks on organisations leading the medical fight against the coronavirus pandemic have been continuing.
In March, the World Health Organization was targeted by espionage groups looking for coronavirus response information; & in May, the FBI & the Department of Homeland Security warned that China-lined nation-state spies are actively cyber-hunting for clinical research.
“There’s been an intense upscale in attacks,” Chloé Messdaghi, VP of Strategy at Point3 Security explained.
“Anything connected to sensitive data for COVID-19 is definitely under threat by foreign nation-state actors or foreign competing companies looking to find usable information. It could be an individual attacker or a group of attackers trying to collect money.
Attackers understand this has exceptional worth because the companies are very well positioned financially, & that clinical trials make a quick payoff very advantageous.”
As an aside, this writer thinks that the absolute despicable morally of the people or nation responsible for this incident, ‘beggars-belief’, and puts into question any hint of human decency, during the worst peacetime crisis to affect the world in a century.