A ransomware attack has hit eResearchTechnology, a medical software company that supplies pharma companies with tools for conducting clinical trials – including trials for COVID-19 vaccines. The attackers could be financially motivated — or could be backed by a nation-state looking to gain competitive advantage, researchers speculated.
According to reports, the cyberattack on the Philadelphia company has slowed down those trials over the past two weeks, as researchers were forced to switch to pen and paper for tracking patient data.
ERT on its website notes that its software is being used globally in drug trials, and that it was involved in tracking 75 percent of drug-approval trials run by the FDA last year. It hasn’t disclosed how many of its customers have been affected by the ransomware attack, or which ransomware strain is responsible.
However, according to the New York Times, which broke the story over the weekend, IQVIA and Bristol Myers Squibb were both caught up in the incident. The former is a contractor helping with AstraZeneca’s COVID-19 vaccine trial, and the latter drug-maker is heading up a collaborative effort to develop a better rapid test for the virus.
Both told the outlet that thanks to data backups, the impact of the attack was limited. Other ERT customers however weren’t so lucky, according to the Times.
Drew Bustos, ERT’s vice president of marketing, has confirmed to media that the attacks started on Sept. 20, after which systems were taken offline. The company is now in recovery mode he said, and the threat is “contained,” so ERT is slowly bringing systems back into operation.
Pfizer and Johnson & Johnson, both of which are working on a COVID-19 vaccine, announced that their trials weren’t impacted by the attack. IQVIA meanwhile issued a statement noting, “We are not aware of any confidential data or patient information, related to our clinical trial activities, that have been removed, compromised or stolen.”
“Healthcare organizations are a prime target for ransomware, as they contain sensitive patient data,” said James McQuiggan, security awareness advocate at KnowBe4, via email. “For large, profitable organizations, cybercriminals know that they have the means to pay the ransom after their data is stolen. Unfortunately, cybercriminals are stealing intellectual property to auction it to the dark web to increase their financial profits from the attack.”
While it’s unclear what the motivation behind this ransomware attack ultimately was, it’s known that attacks on organizations leading the medical fight against the coronavirus pandemic have been continuing. In March, the World Health Organization was targeted by espionage crews looking for coronavirus response information; and in May, the FBI and the Department of Homeland Security warned that China-lined nation-state spies are actively cyber-hunting for clinical research.
“There’s been an intense upscale in attacks,” Chloé Messdaghi, vice president of strategy at Point3 Security told Threatpost. “Anything connected to sensitive data for COVID-19 is definitely under threat by foreign nation-state actors or foreign competing companies looking to find usable information. Or, it could be an individual attacker or a group of attackers trying to collect money. Attackers understand this has exceptional worth because the companies are very well positioned financially, and that clinical trials make a quick payoff very advantageous.”
On October 14 at 2 PM ET Get the latest information on the rising threats to retail e-commerce security and how to stop them. Register today for this FREE Threatpost webinar, “Retail Security: Magecart and the Rise of e-Commerce Threats.” Magecart and other threat actors are riding the rising wave of online retail usage and racking up big numbers of consumer victims. Find out how websites can avoid becoming the next compromise as we go into the holiday season. Join us Wednesday, Oct. 14, 2-3 PM ET for this LIVE webinar.