A ransomware attack has slowed down for COVID-19 clinical trials over the last two weeks.
The recent attack targeted Philadelphia-based eResearchTechnology (ERT), a company that sells software used in hundreds of clinical trials, including the crash effort to develop coronavirus tests, vaccine, and treatments.
The New York Times reported about the attack, which began two weeks ago. While it was not yet reported before, it allegedly began two weeks ago when staff found out that ransomware locked them out of their data. Attackers held the company’s information hostage until it paid the ransom, then a key will be provided to unlock the data. While clinical trial patients were not put at risk, its clients are forced to manually track their patients using pen and paper.
ERT’s vice president of marketing Drew Bustos confirmed on Friday, October 2, that ransomware had seized its systems on Sept. 20 when the company immediately took its systems offline. They notified the Federal Bureau of Investigation about the attack and called in their cybersecurity experts.
“Nobody feels great about these experiences, but this has been contained,” said Bustos said adding that the company started to bring its systems online hours after, but it may take days to put the remaining systems back online.
While it was unconfirmed yet who was behind the attack, he also declined to confirm whether the company paid the ransom. Although the FBI discourages companies hit by ransomware from giving in to their attackers’ demands, many victims pay the ransom.
Among its clients hit by the attack is IQVIA and Bristol Myers Squibb. The former is the contract research organization assisting AstraZeneca’s Covid vaccine trial while the latter leads a group of drugmakers in developing a quick COVID test.
While ERT did not say how many clinical trials were affected, its software is used in numerous drug trials in Asia, North America, and Europe. In 2019, ERT was used in three-quarters of trials that led to Food and Drug Administration approvals.
ERT ransomware’s impact on clinical trials
Among the affected companies is IQVIA, which helps manage the Astrazeneca’s clinical trials. It claims to have limited the impact because it has back up data. IQVIA said in a statement that the attack “had limited impact” on its clinical trial processes. The company also noted that it is not aware of any patient information or confidential clinical trial data “that have been removed, compromised or stolen.”
Also, Bristol Myers Squibb said the attack had limited impact while other ERT customers had to use pen and paper in supervising their clinical trials.
Meanwhile, Amy Rose, a Pfizer spokeswoman, said the attack had not affected their coronavirus vaccine trials had because the company does not have ERT as a technology provider for any phase of its clinical trials for the coronavirus vaccine.
The ERT’s attack occurred after an earlier major ransomware attack on Universal Health Services last week. According to NBC News, the attack on UHS, a major hospital chain with more than 400 locations, seemed to be one of the largest healthcare cyberattacks in the US history.
This is owned by Tech Times
Written by CJ Robles