Mer­ck left the door open to a dev­as­tat­ing cy­ber­at­tack, miss­ing two chances to raise a de­fense

Mer­ck missed two crit­i­cal op­por­tu­ni­ties ear­li­er this year to in­oc­u­late them­selves from the vi­cious cy­ber­at­tack they suf­fered this week, roil­ing op­er­a­tions and rais­ing ques­tions about their lack of prepa­ra­tion to de­fend them­selves.

The June 27 “Petya/Not­Petya” cy­ber­at­tack hit the multi­na­tion­al Mer­ck and sev­er­al oth­er com­pa­nies, such as the law firm DLA Piper, ship­ping gi­ant Maer­sk, and even a West Vir­ginia hos­pi­tal, which was forced to scrap its elec­tron­ic med­ical records in fa­vor of pa­per.

The core tech­nol­o­gy in Petya is called ETER­NAL­BLUE and it was de­vel­oped by Amer­i­can spy agen­cies, the Wash­ing­ton Post pre­vi­ous­ly re­port­ed.  Ob­vi­ous­ly, it was nev­er in­tend­ed for wide dis­tri­b­u­tion. It re­lied on bugs in Win­dows that Mi­crosoft pre­sum­ably wasn’t aware of un­til ear­li­er this year, when a group of still-un­known hack­ers call­ing them­selves Shad­ow­Bro­kers al­leged­ly broke in­to the US NSA and de­mand­ed pay­ment in ex­change not re­leas­ing the ul­tra-se­cret ex­ploits.

The stolen tools were even­tu­al­ly dumped on the in­ter­net.

In March, Mi­crosoft quick­ly is­sued a crit­i­cal bul­letin ad­vis­ing IT ad­min­is­tra­tors of the pre­cise steps need­ed to patch their sys­tems to pre­vent hack­ers — rang­ing from the state-spon­sored to lone-wolves — in us­ing the ETER­NAL­BLUE tech­nol­o­gy to gain unau­tho­rized ac­cess to their net­works. Ex­perts rec­om­mend crit­i­cal bul­letins be in­stalled im­me­di­ate­ly, ver­sus mere­ly rec­om­mend­ed ones, which large com­pa­nies some­times test out be­fore de­ploy­ing to a large net­work.

Then in May, the first glob­al at­tack based on this ex­ploit, dubbed Wan­naCry, spread wide­ly, no­tably shut­ting down six­teen hos­pi­tals in the UK.

Mi­crosoft is­sued yet an­oth­er patch in the af­ter­math, and along with the most promi­nent se­cu­ri­ty firms world­wide, be­gan plead­ing with com­pa­nies to im­me­di­ate­ly em­ploy these cru­cial patch­es to pre­vent unau­tho­rized ac­cess to pri­vate net­works.

So af­ter con­tin­u­ous warn­ings from Mi­crosoft start­ing in March, with two crit­i­cal soft­ware up­dates, and a glob­al cy­ber­at­tack in May which showed the po­ten­tial im­pacts on the health­care in­dus­try, Mer­ck still ne­glect­ed to up­date their sys­tems.

Re­peat­ed at­tempts to con­tact Mer­ck have been un­suc­cess­ful.


UP­DATE 7:42p ET: A Mer­ck spokesper­son sent End­points News the fol­low­ing state­ment:

We have made good progress in our re­sponse to the June 27 glob­al cy­ber at­tack. We have im­ple­ment­ed busi­ness con­ti­nu­ity plans and con­tin­ue to ship or­ders and meet pa­tients’ needs.

We and our ex­ter­nal part­ners see no in­di­ca­tion that the com­pa­ny’s da­ta have been com­pro­mised.

Gov­ern­ment au­thor­i­ties work­ing with us have con­firmed that the mal­ware re­spon­si­ble for the at­tack con­tained a unique com­bi­na­tion of char­ac­ter­is­tics that en­abled it to in­fect com­pa­ny sys­tems de­spite in­stal­la­tion of re­cent soft­ware patch­es.

Is a pow­er­house Mer­ck team prepar­ing to leap past Roche — and leave Gilead and Bris­tol My­ers be­hind — in the race to TIG­IT dom­i­na­tion?

Roche caused quite a stir at ASCO with its first look at some positive — but not so impressive — data for their combination of Tecentriq with their anti-TIGIT drug tiragolumab. But some analysts believe that Merck is positioned to make a bid — soon — for the lead in the race to a second-wave combo immuno-oncology approach with its own ambitious early-stage program tied to a dominant Keytruda.

Endpoints Premium

Premium subscription required

Unlock this article along with other benefits by subscribing to one of our paid plans.

BiTE® Plat­form and the Evo­lu­tion To­ward Off-The-Shelf Im­muno-On­col­o­gy Ap­proach­es

Despite rapid advances in the field of immuno-oncology that have transformed the cancer treatment landscape, many cancer patients are still left behind.1,2 Not every person has access to innovative therapies designed specifically to treat his or her disease. Many currently available immuno-oncology-based approaches and chemotherapies have brought long-term benefits to some patients — but many patients still need other therapeutic options.3

GSK presents case to ex­pand use of its lu­pus drug in pa­tients with kid­ney dis­ease, but the field is evolv­ing. How long will the mo­nop­oly last?

In 2011, GlaxoSmithKline’s Benlysta became the first biologic to win approval for lupus patients. Nine years on, the British drugmaker has unveiled detailed positive results from a study testing the drug in lupus patients with associated kidney disease — a post-marketing requirement from the initial FDA approval.

Lupus is a drug developer’s nightmare. In the last six decades, there has been just one FDA approval (Benlysta), with the field resembling a graveyard in recent years with a string of failures including UCB and Biogen’s late-stage flop, as well as defeats in Xencor and Sanofi’s programs. One of the main reasons the success has eluded researchers is because lupus, akin to cancer, is not just one disease — it really is a disease of many diseases, noted Al Roy, executive director of Lupus Clinical Investigators Network, an initiative of New York-based Lupus Research Alliance that claims it is the world’s leading private funder of lupus research, in an interview.

Gilead bol­sters its case for block­buster hope­ful fil­go­tinib as FDA pon­ders its de­ci­sion

Before remdesivir soaked up the spotlight amid the coronavirus crisis, Gilead’s filgotinib was the star experimental drug tapped to rake in billions competing with other JAK inhibitors made by rivals including AbbVie and Eli Lilly.

Now, long term data on the drug — discovered by Gilead’s partners at Galapagos and posted as part of a virtual medical conference — have solidified the durability and safety of filgotinib in patients with rheumatoid arthritis, spanning data from three late-stage trials. An FDA decision on the drug is expected this year.

UP­DAT­ED: Es­ti­mat­ing a US price tag of $5K per course, remde­sivir is set to make bil­lions for Gilead, says key an­a­lyst

Data on remdesivir — the first drug shown to benefit Covid-19 patients in a randomized, controlled trial setting — may be murky, but its maker Gilead could reap billions from the sales of the failed Ebola therapy, according to an estimate by a prominent Wall Street analyst. However, the forecast, which is based on a $5,000-per-course US price tag, triggered the ire of one top drug price expert.

Leen Kawas, Athira CEO (Athira)

Can a small biotech suc­cess­ful­ly tack­le an Ever­est climb like Alzheimer’s? Athi­ra has $85M and some in­flu­en­tial back­ers ready to give it a shot

There haven’t been a lot of big venture rounds for biotech companies looking to run a Phase II study in Alzheimer’s.

The field has been a disaster over the past decade. Amyloid didn’t pan out as a target — going down in a litany of Phase III failures — and is now making its last stand at Biogen. Tau is a comer, but when you look around and all you see is destruction, the idea of backing a startup trying to find complex cocktails to swing the course of this devilishly complicated memory-wasting disease would daunt the pluckiest investors.

Covid-19 roundup: Mod­er­na read­ies to en­ter PhI­II in Ju­ly, As­traZeneca not far be­hind; EU ready to ne­go­ti­ate vac­cine ac­cess with $2.7B fund

Moderna may soon add another first to the Covid-19 vaccine race.

In March, the mRNA biotech was the first company to put a Covid-19 vaccine into humans. Next month, they may become the first company to put their vaccine into the large, late-stage trials that are needed to prove whether the vaccine is effective.

In an interview with JAMA editor Howard Bauchner, NIAID chief Anthony Fauci said that a 30,000-person, Phase III trial for Moderna’s vaccine could start in July. The news comes a week after Moderna began a Phase II study that will enroll several hundred people.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 83,000+ biopharma pros reading Endpoints daily — and it's free.

José Basel­ga finds promise in new class of RNA-mod­i­fy­ing can­cer tar­gets, lock­ing in 3 pre­clin­i­cal pro­grams with $55M

Having dived early into some of the RNA breakthroughs of the last decades — betting on Moderna’s mRNA tech and teaming up with Silence on the siRNA front — AstraZeneca is jumping into a new arena: going after proteins that modify RNA.

Their partner of choice is Accent Therapeutics, which is receiving $55 million in upfront payment to steer a selected preclinical program through to the end of Phase I. After AstraZeneca takes over, the Lexington, MA-based startup has the option to co-develop and co-commercialize in the US — and collect up to $1.1 billion in milestones in the long run. The deal also covers two other potential drug candidates.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 83,000+ biopharma pros reading Endpoints daily — and it's free.

David Meline, incoming Moderna CFO

Am­gen vet David Meline finds a new CFO roost at Mod­er­na, tak­ing a ride on the Covid-19 tiger as de­part­ing ex­ec cash­es out with $12M

We found out a few weeks ago that Moderna CFO Lorence Kim isn’t waiting around to see how the biotech wunderkind makes out in its frantic race to field a messenger RNA vaccine that can quell Covid-19. And now we know who’s stepping on board to take his place in the latest move in the executive suite.

David Meline, who forged his rep during a 6-year run at Amgen, slipped out the exit right after his Q2 “retirement” party in California — presumably virtual — and started the next chapter of his career at a biotech company betting big on revolutionizing the vaccine R&D space.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 83,000+ biopharma pros reading Endpoints daily — and it's free.