Mer­ck in $1.3B show­down with in­sur­ers over 2017 ran­somware at­tack — Bloomberg

When Mer­ck was hit with a ran­somware at­tack in 2017, the phar­ma gi­ant was in fact just col­lat­er­al dam­age from a virus Rus­sia aimed at Ukraine, and the com­pa­ny is strug­gling to re­coup its loss­es be­cause its $1.75 bil­lion in­sur­ance plan doesn’t cov­er acts of war.

Those are de­tails from a rich­ly re­port­ed Bloomberg News sto­ry out yes­ter­day ex­plor­ing how a geopo­lit­i­cal fight in East­ern Eu­rope ac­ci­den­tal­ly en­tan­gled a New Jer­sey-based phar­ma­ceu­ti­cal com­pa­ny and sparked law­suits with ma­jor ram­i­fi­ca­tions for the fu­ture of in­sur­ance and cy­ber­crime.

Mer­ck em­ploy­ees log­ging on to their com­put­ers on June 27, 2017 were greet­ed with a po­lite mes­sage in pink let­ters: “Ooops, your im­por­tant files are en­crypt­ed. … We guar­an­tee that you can re­cov­er all your files safe­ly and eas­i­ly. All you need to do is sub­mit the pay­ment.” The pay­ment was $300 in bit­coin, per com­put­er.

The screen Mer­ck em­ploy­ees saw from the Petya at­tack

Ear­ly on, it was clear that Mer­ck was one vic­tim of a glob­al at­tack that al­so hit Dan­ish ship­ping com­pa­ny Maer­sk, Amer­i­can food com­pa­ny Mon­delez, French con­struc­tion gi­ant Saint-Gob­ain and even the sys­tems mon­i­tor­ing the Cher­nobyl nu­clear pow­er sta­tions, among oth­ers.

Un­like Cher­nobyl, though, it ap­pears that Mer­ck was not an in­tend­ed tar­get. The at­tack was dubbed Not­Petya, a cre­ation of the GRU Russ­ian mil­i­tary in­tel­li­gence agency (the same one that at­tacked the De­mo­c­ra­t­ic Na­tion­al Com­mit­tee), and it was de­signed to strike com­pa­nies and agen­cies in Ukraine, a coun­try that had been in con­flict with Rus­sia since 2014. But, per Bloomberg, Not­Petya con­t­a­m­i­nat­ed a tax soft­ware ap­pli­ca­tion, M.E.Doc, that was run­ning on a serv­er in Mer­ck’s Ukraine of­fice.

From there, it spread to the phar­ma gi­ant’s head­quar­ters, where it would elim­i­nate — in some cas­es — years of re­search, crip­ple Gardis­al 9 pro­duc­tion fa­cil­i­ties and even­tu­al­ly cause (by Mer­ck’s es­ti­mate) $1.3 bil­lion in dam­ages. Mer­ck, though, had a prop­er­ty in­sur­ance plan worth up to $1.75 bil­lion that cov­ered com­put­er da­ta, cod­ing and soft­ware (af­ter a $150 mil­lion de­ductible). But when Mer­ck went to ac­ti­vate the plan, most of their 30 in­sur­ers re­ject­ed them. Your plan doesn’t cov­er dam­ages from mil­i­tary ac­tion, they told “shocked” Mer­ck of­fi­cials.

What fol­lowed were, not sur­pris­ing­ly, a string of law­suits, with Mer­ck claim­ing that it was hit by a cy­ber — not a mil­i­tary — event. These law­suits, Bloomberg re­ports, are be­ing watched for the prece­dents they may set around how fu­ture cy­ber­crime is clas­si­fied.

The in­sur­ers are try­ing to prove two things: that the at­tack re­al­ly did come from Rus­sia and that Mer­ck was not as vig­i­lant as it could have been in pro­tect­ing their da­ta. Mer­ck, as End­points News re­port­ed short­ly af­ter the at­tack, had missed two op­por­tu­ni­ties to in­oc­u­late them­selves against the virus be­fore they were struck.

On Rus­sia, the in­sur­ers have got­ten a hand from the White House. Last year, the Trump Ad­min­is­tra­tion wrote with­out equiv­o­ca­tion that the at­tack “was part of the Krem­lin’s on­go­ing ef­fort to desta­bi­lize Ukraine and demon­strates ever more clear­ly Rus­sia’s in­volve­ment in the on­go­ing con­flict.”

“When the pres­i­dent of the Unit­ed States comes out and says, ‘It’s Rus­sia,’ it’s go­ing to be hard to fight,” Jake Williams, a for­mer Na­tion­al Se­cu­ri­ty Agency hack­er who now helps com­pa­nies hunt for vul­ner­a­bil­i­ties in their com­put­er net­works, told Bloomberg. “I’ll be sur­prised if the in­sur­ance com­pa­nies don’t get a win. This is as sol­id a case as they’re go­ing to get.”

But some le­gal ex­perts ex­pressed greater skep­ti­cism of the in­sur­ers’ case. All signs may point to Russ­ian cul­pa­bil­i­ty but when it comes to cy­ber, it’s not clear what mil­i­tary ac­tion means.

“It’s not go­ing to be an easy case for a judge in the U.S. to de­clare that this was an act of war,” Cather­ine Lotri­onte, a for­mer CIA lawyer who’s taught at George­town Uni­ver­si­ty, told Bloomberg.

Amarin CEO John Thero discussing the company's plans for Vascepa, August 2019 — via Bloomberg

Amarin wins a block­buster ap­proval from the FDA. Now every­one can shift fo­cus to the patent

For all those people who could never quite believe that Amarin $AMRN would get an expanded label with blockbuster implications, the stress and anxiety on display right up to the last minute on Twitter can now end. But new, pressing questions will immediately surface now that the OK has come through.

On Friday afternoon, the FDA stamped its landmark approval on the industrial strength fish oil for reducing cardio risks for a large and well defined population of patients. The approval doesn’t give Amarin everything it wants in expanding its use, losing out on the primary prevention group, but it goes a long way to doing what the company needed to make a major splash. The approval was cited for patients with “elevated triglyceride levels (a type of fat in the blood) of 150 milligrams per deciliter or higher. Patients must also have either established cardiovascular disease or diabetes and two or more additional risk factors for cardiovascular disease.”

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 67,600+ biopharma pros reading Endpoints daily — and it's free.

Paul Hudson, Getty Images

Sanofi CEO Hud­son lays out new R&D fo­cus — chop­ping di­a­betes, car­dio and slash­ing $2B-plus costs in sur­gi­cal dis­sec­tion

Earlier on Monday, new Sanofi CEO Paul Hudson baited the hook on his upcoming strategy presentation Tuesday with a tell-tale deal to buy Synthorx for $2.5 billion. That fits squarely with hints that he’s pointing the company to a bigger future in oncology, which also squares with a major industry tilt.

In a big reveal later in the day, though, Hudson offered a slate of stunners on his plans to surgically dissect and reassemble the portfoloio, saying that the company is dropping cardio and diabetes research — which covers two of its biggest franchise arenas. Sanofi missed the boat on developing new diabetes drugs, and now it’s pulling out entirely. As part of the pullback, it’s dropping efpeglenatide, their once-weekly GLP-1 injection for diabetes.

“To be out of cardiovascular and diabetes is not easy for a company like ours with an incredibly proud history,” Hudson said on a call with reporters, according to the Wall Street Journal. “As tough a choice as that is, we’re making that choice.”

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 67,600+ biopharma pros reading Endpoints daily — and it's free.

Sarep­ta was stunned by the re­jec­tion of Vyondys 53. Now it's stun­ning every­one with a sur­prise ac­cel­er­at­ed ap­proval

Sarepta has a friend in the FDA after all. Four months after the agency determined that it would be wrong to give Sarepta an accelerated approval for their Duchenne MD drug golodirsen, regulators have executed a stunning about face and offered the biotech a quick green light in any case.

It was the agency that first put out the news late Thursday, announcing that Duchenne MD patients with a mutation amenable to exon 53 skipping will now have their first targeted treatment: Vyondys 53, or golodirsen. Having secured the OK via a dispute resolution mechanism, the biotech said the new drug has been priced on par with their only other marketed drug, Exondys 51 — which for an average patient costs about $300,000 per year, but since pricing is based on weight, that sticker price can even cross $1 million.

Sarepta shares $SRPT surged 23% after-market to $124.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 67,600+ biopharma pros reading Endpoints daily — and it's free.

Paul Biondi (File photo)

Paul Biondi's track record at Bris­tol-My­ers cov­ered bil­lions in deals of every shape and size. Here's the com­plete break­down

Paul Biondi was never afraid to bet big during his stint as business development chief at Bristol-Myers Squibb. And while the gambles didn’t all pay out, by any means, his roster of pacts illustrates the broad ambitions the pharma giant has had over the last 5 years — capped by the $74 billion Celgene buyout.

On Thursday, we learned that Biondi had exited the company. And Chris Dokomajilar at DealForma came up with the complete breakdown on every buyout, licensing pact and product purchase Bristol-Myers forged during his tenure in charge of the BD team at one of the busiest companies in biopharma.

Endpoints Premium

Premium subscription required

Unlock this article along with other benefits by subscribing to one of our paid plans.

Arie Belldegrun (Photo: Jeff Rumans for Endpoints News)

Ju­ry finds Gilead li­able for $585M and big roy­al­ties in Kite CAR-T patent case

A Kite deal that’s already become a burden on Gilead’s back just got heavier as a California jury has ruled Gilead must pay Bristol-Myers Squibb and Sloan Kettering $585 million plus a 27.6% royalty for patent infringement committed by its subsidiary. The ruling is almost certain to be appealed.

Kite Pharma — founded by Arie Belldegrun, now focused on a next-gen CAR-T company — has been facing a lawsuit since the day its first CAR–T therapy won approval in October, 2017. Juno Therapeutics and Sloan Kettering filed a complaint saying Kite had copied its technology. Gilead acquired Kite in June of that year for $11.9 billion.  Juno was acquired the following year by Celgene for $9 billion, before Celgene was acquired by Bristol-Myers Squibb in 2019.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 67,600+ biopharma pros reading Endpoints daily — and it's free.

FDA ex­pert pan­el unan­i­mous­ly rec­om­mends ap­proval for Hori­zon Ther­a­peu­tics eye drug

An FDA advisory committee noted with concern a small safety database but unanimously endorsed a Horizon Therapeutics drug for a rare eye autoimmune disease that can blind patients: teprotumumab for thyroid eye disease (TED).

“It was a pretty easy vote,” said Erica Brittain, an NIH biostatistician and one of the 12 panelists on FDA’s Dermatologic and Ophthalmic Drugs Advisory Committee.

This image shows a lab technician measuring the zone of inhibition during an antibiotic sensitivity test, 1972. The zone of inhibition is measured and compared to a standard in order to determine if an antibiotic is effective in treating the bacterial infection. (Gilda Jones/CDC via Getty Images)

Bio­phar­ma has aban­doned an­tibi­ot­ic de­vel­op­ment. Here’s why we did, too.

Timing is Everything
When we launched Octagon Therapeutics in late 2017, I was convinced that the time was right for a new antibiotic discovery venture. The company was founded on impressive academic pedigree and the management team had known each other for years. Our first program was based on a compelling approach to targeting central metabolism in the most dangerous bacterial pathogens. We had already shown a high level of efficacy in animal infection models and knew our drug was safe in humans.

Shehnaaz Suli­man dives back in­to Alzheimer's at Alec­tor; Pyx­is re­cruits Spring­Works founder Lara Sul­li­van as CEO

Amid Shehnaaz Suliman’s lengthy resume it could be easy to miss her stint leading early-stage Alzheimer’s R&D at Genentech, where she oversaw a program for the ill-fated crenezumab and initiated one of the first prevention studies around the devastating neurodegenerative disease. But it is this experience that she — after thinking long and hard about her next career move over the past months — will be leaning heavily on as the first president and COO of Alector.

PhII fail­ure in rare neu­rode­gen­er­a­tive dis­ease? No mat­ter, Bio­gen will mo­tor on in Alzheimer's

Biogen’s fierce focus on disorders of the brain has hit another roadblock.

On Friday, the US drugmaker — which recently resurrected its amyloid-targeting Alzheimer’s drug, aducanumab — said its anti-tau drug, gosuranemab, failed a mid-stage study in patients with progressive supranuclear palsy (PSP), a rare brain disorder that results from deterioration of brain cells that control movement and thought.