COVID-19 Clinical Trials Slowed After Ransomware Attack

covid-19 clinical trials ransomware

The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest a nation-state actor could be behind the incident.

A ransomware attack has hit eResearchTechnology, a medical software company that supplies pharma companies with tools for conducting clinical trials – including trials for COVID-19 vaccines. The attackers could be financially motivated — or could be backed by a nation-state looking to gain competitive advantage, researchers speculated.

According to reports, the cyberattack on the Philadelphia company has slowed down those trials over the past two weeks, as researchers were forced to switch to pen and paper for tracking patient data.

ERT on its website notes that its software is being used globally in drug trials, and that it was involved in tracking 75 percent of drug-approval trials run by the FDA last year. It hasn’t disclosed how many of its customers have been affected by the ransomware attack, or which ransomware strain is responsible.

Threatpost Webinar Promo Retail Security

Click to Register!

However, according to the New York Times, which broke the story over the weekend, IQVIA and Bristol Myers Squibb were both caught up in the incident. The former is a contractor helping with AstraZeneca’s COVID-19 vaccine trial, and the latter drug-maker is heading up a collaborative effort to develop a better rapid test for the virus.

Both told the outlet that thanks to data backups, the impact of the attack was limited. Other ERT customers however weren’t so lucky, according to the Times.

Drew Bustos, ERT’s vice president of marketing, has confirmed to media that the attacks started on Sept. 20, after which systems were taken offline. The company is now in recovery mode he said, and the threat is “contained,” so ERT is slowly bringing systems back into operation.

Pfizer and Johnson & Johnson, both of which are working on a COVID-19 vaccine, announced that their trials weren’t impacted by the attack. IQVIA meanwhile issued a statement noting, “We are not aware of any confidential data or patient information, related to our clinical trial activities, that have been removed, compromised or stolen.”

“Healthcare organizations are a prime target for ransomware, as they contain sensitive patient data,” said James McQuiggan, security awareness advocate at KnowBe4, via email. “For large, profitable organizations, cybercriminals know that they have the means to pay the ransom after their data is stolen. Unfortunately, cybercriminals are stealing intellectual property to auction it to the dark web to increase their financial profits from the attack.”

While it’s unclear what the motivation behind this ransomware attack ultimately was, it’s known that attacks on organizations leading the medical fight against the coronavirus pandemic have been continuing. In March, the World Health Organization was targeted by espionage crews looking for coronavirus response information; and in May, the FBI and the Department of Homeland Security warned that China-lined nation-state spies are actively cyber-hunting for clinical research.

“There’s been an intense upscale in attacks,” Chloé Messdaghi, vice president of strategy at Point3 Security told Threatpost. “Anything connected to sensitive data for COVID-19 is definitely under threat by foreign nation-state actors or foreign competing companies looking to find usable information. Or, it could be an individual attacker or a group of attackers trying to collect money. Attackers understand this has exceptional worth because the companies are very well positioned financially, and that clinical trials make a quick payoff very advantageous.”

On October 14 at 2 PM ET Get the latest information on the rising threats to retail e-commerce security and how to stop them. Register today for this FREE Threatpost webinar, “Retail Security: Magecart and the Rise of e-Commerce Threats.” Magecart and other threat actors are riding the rising wave of online retail usage and racking up big numbers of consumer victims. Find out how websites can avoid becoming the next compromise as we go into the holiday season. Join us Wednesday, Oct. 14, 2-3 PM ET for this LIVE webinar.

Suggested articles

Discussion

  • Arjen Lentz on

    Reality check. Most ransomware attacks aren't targeted attacks, but rather purely opportunistic. Malware spreads through emails and websites, someone clicks the wrong things while having (for instance) Microsoft Office macros enabled, the local network is not adequately secured/segmented/restricted as per current best practice (or even anything close to that), and that's how not just one machine but fileservers and other machines get caught up. In some cases we can call that unfortunate. In many cases we can call that neglectful, to the point of criminal neglect. Organisations involved in medical work should have way higher info sec standards than they do now. And look, even if an org gets targeted, having proper infra, configuration and training would go a long way. It's just not getting done, and them blaming "attacks" just doesn't sound particularly interesting to me.

Leave A Comment

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.