A Philadelphia company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack that has slowed some of those trials over the past two weeks.
The attack on eResearchTechnology Inc., which has not previously been reported, began two weeks ago when employees discovered that they were locked out of their data by ransomware, an attack that holds victims’ data hostage until they pay to unlock it. ERT said clinical trial patients were never at risk, but customers said the attack forced trial researchers to track their patients with pen and paper.
Among those hit were IQVIA, the contract research organization helping manage AstraZeneca’s COVID vaccine trial, and Bristol Myers Squibb, the drugmaker leading a consortium of companies to develop a quick test for the virus.
ERT has not said how many clinical trials were affected, but its software is used in drug trials across Europe, Asia and North America. It was used in three-quarters of trials that led to drug approvals by the Food and Drug Administration last year, according to its website.
On Friday, Drew Bustos, ERT’s vice president of marketing, confirmed that its systems had been seized by ransomware on Sept. 20. As a precaution, Bustos said the company took its systems offline that day, called in outside cybersecurity experts and notified the Federal Bureau of Investigation.
“Nobody feels great about these experiences, but this has been contained,” Bustos said. He added that ERT was starting to bring its systems back online on Friday and planned to bring remaining systems online over the coming days.
Bustos said it was still too early to say who was behind the attack. He declined to say whether the company paid its extortionists.
The attack on ERT follows another major ransomware attack last weekend on Universal Health Services, a major hospital chain with more than 400 locations, many in the United States.
NBC News first reported the attack on UHS on Monday and said it appeared to be “one of the largest medical cyberattacks in United States history.”
The incidents also follow more than 1,000 ransomware attacks on U.S. cities, counties and hospitals over the past 18 months. The attacks, once treated as a nuisance, have taken on greater urgency in recent weeks, as American officials worry they may interfere, directly or indirectly, with the November election.
A ransomware attack in Germany resulted in the first known death from a cyberattack in recent weeks, after Russian hackers seized 30 servers at University Hospital Düsseldorf, crashing systems and forcing the hospital to turn away emergency patients. As a result, German authorities said, a woman in a life-threatening condition was sent to a hospital 20 miles away in Wuppertal and died from treatment delays.
One of ERT’s clients, IQVIA, said it had been able to limit problems because it had backed up its data. Bristol Myers Squibb also said the impact of the attack had been limited, but other ERT customers had to move their clinical trials to pen and paper.
In a statement, IQVIA said that the attack had “had limited impact on our clinical trials operations” and added, “We are not aware of any confidential data or patient information, related to our clinical trial activities, that have been removed, compromised or stolen.”
Pfizer and Johnson & Johnson, two companies working on a coronavirus vaccine, said their coronavirus vaccine trials had not been affected.
“ERT is not a technology provider for or otherwise involved in Pfizer’s Phase 1/2/3 COVID-19 vaccine clinical trials,” Amy Rose, a spokesperson for Pfizer, said.
Companies and research labs on the front lines of the pandemic have been repeat targets for foreign hackers over the past seven months as countries around the world try to gauge one another’s responses and progress in addressing the virus. In May, the FBI and the Department of Homeland Security warned that Chinese government spies were actively trying to steal US clinical research through cybertheft.
“Health care, pharmaceutical and research sectors working on COVID-19 response should all be aware they are the prime targets of this activity and take the necessary steps to protect their systems,” the agencies said.
More than a dozen countries have redeployed military and intelligence hackers to glean what they can about other nations’ responses, according to security researchers.
Even countries that previously did not stand out for their cyberprowess, like South Korea and Vietnam, have been named in recent security reports as countries that are actively engaged in hacking global health organizations in the pandemic.