A Philadelphia tech company which provides the software currently used in COVID-19 vaccine trials has suffered a ransomware attack, the CEO has confirmed.
The global firm, eResearchTechnology, first came under attack two weeks ago, on September 20.
Employees discovered that they were locked out of their data by ransomware, The New York Times reported – an attack that holds victims’ data hostage until they pay to unlock it.
ERT said clinical trial patients were never at risk, but customers said the attack forced trial researchers to track their patients with pen and paper.
Several of ERT’s clients were hit – among them IQVIA, the contract research organization helping manage AstraZeneca’s COVID vaccine trial, and Bristol Myers Squibb, the drugmaker leading a consortium of companies to develop a quick test for the virus.
ERT has its global headquarters in Philadelphia and has been under attack since Sept 20
ERT provides the software used by firms including AstraZeneca and Bristol Myers Squibb
Research into a vaccine is feared to be delayed following the ransomware attack
ERT has not said how many clinical trials were affected, but its software is used in drug trials across Europe, Asia and North America.
ERT’s software was used in three-quarters of trials that led to drug approvals by the Food and Drug Administration last year, according to its website.
Drew Bustos, ERT’s vice president of marketing, said the company took its systems offline on September 20 and asked cybersecurity experts to help, and notified the Federal Bureau of Investigation.
Drew Bustos, ERT’s vice president of marketing, said the attack had been ‘contained’ and the FBI notified
‘Nobody feels great about these experiences, but this has been contained,’ he said.
ERT begun bringing its systems back online on Friday, and planned to bring remaining systems online over the coming days.
He refused to say whether a ransom had been paid, or whether they had identified suspects.
IQVIA said it had been able to limit problems because it had backed up its data. Bristol Myers Squibb also said the impact of the attack had been limited but other ERT customers had to move their clinical trials to pen and paper.
In a statement, IQVIA said that the attack had ‘had limited impact on our clinical trials operations’.
‘We are not aware of any confidential data or patient information, related to our clinical trial activities, that have been removed, compromised or stolen,’ the company said.
Some of the researchers working on vaccines have had to use a pen and paper during the issue
IQVIA was one of ERT’s clients effected by the ransomware attack
At least 53 health care and system providers in the U.S. have been hit with ransomware in 2020
Pfizer and Johnson & Johnson, two companies working on a coronavirus vaccine, said their coronavirus vaccine trials had not been affected.
‘ERT is not a technology provider for or otherwise involved in Pfizer’s Phase 1/2/3 Covid-19 vaccine clinical trials,’ Amy Rose, a spokeswoman for Pfizer, said.
Ransomware attacks are an increasing threat, especially given the huge pressure on companies to come up with a safe COVID vaccine.
So far this year, a total of 53 health care providers and health care systems in the U.S. have been hit with ransomware, impacting care at up to 503 individual hospitals and medical clinics, according to cybersecurity firm Emisoft.
In Germany a ransomware attack resulted in the first known death from a cyberattack in recent weeks, after Russian hackers seized 30 servers at University Hospital Dusseldorf, crashing systems and forcing the hospital to turn away emergency patients.
As a result, the German authorities said, a woman in a life-threatening condition was sent to a hospital 20 miles away in Wuppertal and died from treatment delays.