Merck left the door open to a devastating cyberattack, missing two chances to raise a defense

Merck missed two critical opportunities earlier this year to inoculate themselves against the vicious cyberattack they suffered this week, roiling operations and raising questions about their lack of preparation to defend themselves.

The June 27 “Petya/NotPetya” cyberattack hit the multinational Merck and several other companies, such as the law firm DLA Piper, shipping giant Maersk, and even a West Virginia hospital, which was forced to scrap its electronic medical records in favor of paper.

The core technology in Petya is called ETERNALBLUE and it was developed by American spy agencies, the Washington Post previously reported. Obviously, it was never intended for wide distribution. It relied on bugs in Windows that Microsoft presumably wasn’t aware of until earlier this year, when a group of still-unknown hackers calling themselves ShadowBrokers allegedly broke into the US NSA and demanded payment in exchange for not releasing the ultra-secret exploits.

The stolen tools were eventually dumped on the internet.

In March, Microsoft quickly issued a critical bulletin advising IT administrators of the precise steps needed to patch their systems to prevent hackers — ranging from the state-sponsored to lone wolves — from using the ETERNALBLUE technology to gain unauthorized access to their networks. Experts recommend critical bulletins be installed immediately, versus merely recommended ones, which large companies sometimes test out before deploying to a large network.

Then in May, the first global attack based on this exploit, dubbed WannaCry, spread widely, notably shutting down sixteen hospitals in the UK.

Microsoft issued yet another patch in the aftermath, and along with the most prominent security firms worldwide, began pleading with companies to immediately employ these crucial patches to prevent unauthorized access to private networks.

So after continuous warnings from Microsoft starting in March, with two critical software updates, and a global cyberattack in May which showed the potential impacts on the healthcare industry, Merck still neglected to update their systems.

Repeated attempts to contact Merck have been unsuccessful.


UPDATE 7:42p ET: A Merck spokesperson sent Endpoints News the following statement:

We have made good progress in our response to the June 27 global cyber attack. We have implemented business continuity plans and continue to ship orders and meet patients’ needs.

We and our external partners see no indication that the company’s data have been compromised.

Government authorities working with us have confirmed that the malware responsible for the attack contained a unique combination of characteristics that enabled it to infect company systems despite installation of recent software patches.
