Ran­somware at­tack hit clin­i­cal tri­als soft­ware play­er ERT — two weeks lat­er, they’re com­ing back on­line

One of the largest bio­med­ical ran­somware at­tacks in US his­to­ry was re­vealed last week, when IT sys­tems at 250 lo­ca­tions in a ma­jor Amer­i­can hos­pi­tal chain fell vic­tim to face­less ex­tor­tion­ists — forc­ing them to take sys­tems of­fline, di­rect­ing staff to work off pen and pa­per, and bring­ing in out­side se­cu­ri­ty con­sul­tants to mit­i­gate the dam­age.

Turns out that a week pri­or, on Sept. 20, a sim­i­lar, much small­er at­tack be­fell eRe­searchTech­nol­o­gy, a lead­ing clin­i­cal tri­al soft­ware provider to CROs and spon­sors.

Drew Bus­tos

That Sun­day, staff at ERT were locked out of cru­cial da­ta and re­al­ized they were un­der a ran­somware at­tack. “Our net­work team iden­ti­fied the is­sue quick­ly, and we took our sys­tems of­fline,” Drew Bus­tos, ERT’s VP of mar­ket­ing, told me in an in­ter­view.

The CRO gi­ant IQVIA, who us­es ERT soft­ware in some of the tri­als they run for spon­sors, ac­knowl­edged the in­ci­dent in a state­ment to End­points News and said it had a lim­it­ed im­pact on op­er­a­tions. “[IQVIA] im­ple­ment­ed back­up pro­to­cols im­me­di­ate­ly to en­sure the con­ti­nu­ity and in­tegri­ty of sev­er­al on­go­ing tri­als that use ERT, and we no­ti­fied af­fect­ed spon­sors ac­cord­ing­ly. The cur­rent tech­ni­cal is­sues af­fect­ing ERT have not in­fil­trat­ed any IQVIA sys­tems.”

Bus­tos told me that no clin­i­cal source da­ta was im­pact­ed at ERT and that the ma­jor­i­ty of their sys­tems are now back on­line.

The IQVIA state­ment con­firms no sen­si­tive da­ta have been com­pro­mised, but that an in­ves­ti­ga­tion is still on­go­ing: “At this point in the in­ves­ti­ga­tion, we are not aware of any con­fi­den­tial da­ta or pa­tient in­for­ma­tion, re­lat­ed to our clin­i­cal tri­al ac­tiv­i­ties, which have been re­moved, com­pro­mised or stolen.”

The in­ci­dent rais­es ques­tions on the bio­phar­ma in­dus­try’s pre­pared­ness to deal with se­vere cy­ber­at­tacks that could en­dan­ger the in­tegri­ty of clin­i­cal tri­als and oth­er da­ta-rich R&D ef­forts.

Er­ic Per­ak­slis

“The abil­i­ty for com­pa­nies to quick­ly with­stand this kind of at­tack is com­plete­ly de­pen­dent on how good your IT is to be­gin with,” said Er­ic Per­ak­slis, who has served as the FDA’s CIO and held se­nior IT po­si­tions at J&J and Take­da, and is now a Ruben­stein Fel­low at Duke Uni­ver­si­ty.

While Per­ak­slis isn’t privy to any of the de­tails be­hind this par­tic­u­lar at­tack, he re­it­er­at­ed that a rig­or­ous and fre­quent­ly test­ed back­up sys­tem great­ly re­duces risk to ran­somware. “If your da­ta is backed up every evening at 5pm, and you test it know­ing it can all be re­stored by 8am the next morn­ing, that’s ba­sic IT hy­giene,” he told me.

Mon­ey is the mo­ti­vat­ing fac­tor be­hind most ran­somware at­tacks. “We’re gonna cut you off from your da­ta and trans­ac­tions un­til we get paid,” is how Per­ak­slis de­scribed it to me. This sum­mer the med­ical school at UCSF paid $1.14M — in vir­tu­al­ly un­trace­able Bit­coin — to ex­tor­tion­ists in ex­change for a tool to un­lock their da­ta.

Bus­tos de­clined to say whether ERT paid any ran­som to the hack­ers, nor would he iden­ti­fy the out­side se­cu­ri­ty ex­perts brought in to mit­i­gate the is­sue. He notes the com­pa­ny has tak­en steps to pre­vent a sim­i­lar in­ci­dent in the fu­ture. “We’re fol­low­ing the ad­vice of a world-class se­cu­ri­ty firm, and adopt­ing their best prac­tices to aug­ment our ex­ist­ing de­fens­es.”

“It’s some­thing that’s un­for­tu­nate and no­body wants to be im­pact­ed by cy­ber­se­cu­ri­ty is­sues. But it is some­thing that we feel that we are work­ing to­wards re­me­di­a­tion,” he added.

The in­ci­dent was first re­port­ed by the New York Times.

Stephen Hahn, FDA commissioner (AP Images)

As FDA sets the stage for the first Covid-19 vac­cine EUAs, some big play­ers are ask­ing for a tweak of the guide­lines

Setting the stage for an extraordinary one-day meeting of the Vaccines and Related Biological Products Advisory Committee this Thursday, the FDA has cleared 2 experts of financial conflicts to help beef up the committee. And regulators went on to specify the safety, efficacy and CMC input they’re looking for on EUAs, before they move on to the full BLA approval process.

All of this has already been spelled out to the developers. But the devil is in the details, and it’s clear from the first round of posted responses that some of the top players — including J&J and Pfizer — would like some adjustments and added feedback. And on Thursday, the experts can offer their own thoughts on shaping the first OKs.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 92,100+ biopharma pros reading Endpoints daily — and it's free.

A new chap­ter in the de­cen­tral­ized clin­i­cal tri­al ap­proach

Despite the promised decentralized trial revolution, we haven’t yet moved the needle in a significant way, although we are seeing far bolder commitments to this as we continue to experience the pandemic restrictions for some time to come. The vision of grandeur is one thing, but operationalizing and execution are another and recognising that change, particularly mid-flight on studies, is worthy of thorough evaluation and consideration in order to achieve success. Here we will discuss one of the critical building blocks of a Decentralized and Remote Trial strategy: TeleConsent; more than paper under glass, it is a paradigm change and key digital enabler.

Michel Vounatsos, Biogen CEO (via YouTube)

UP­DAT­ED: Bio­gen spot­lights a pair of painful pipeline set­backs as ad­u­canum­ab show­down looms at the FDA

Biogen has flagged a pair of setbacks in the pipeline, spotlighting the final failure for a one-time top MS prospect while scrapping a gene therapy for SMA after the IND was put on hold due to toxicity.

Both failures will raise the stakes even higher on aducanumab, the Alzheimer’s drug that Biogen is betting the ranch on, determined to pursue an FDA OK despite significant skepticism they can make it with mixed results and a reliance on post hoc data mining. And the failures are being reported as Biogen was forced to cut its profit forecast for 2020 as a generic rival started to erode their big franchise drug.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 92,100+ biopharma pros reading Endpoints daily — and it's free.

Years af­ter a ma­jor tri­al set­back, No­var­tis switch­es gears with SMA drug. This time they're try­ing it for Hunt­ing­ton's

Four years after a Phase I/II setback in spinal muscular atrophy (SMA), Novartis is hoping its drug branaplam will find more success in a new neurological indication: Huntington’s disease.

The decision was announced a year after the head of research, Jay Bradner, said he did not see a “big opportunity” in SMA, according to Reuters. Novartis says it has preclinical data showing that branaplam reduces levels of mutant huntingtin protein, and SMA data showing patients on the drug had reductions in huntingtin mRNA. The FDA gave branaplam their orphan drug designation, and Novartis plans to move forth with a Phase IIb trial next year.

Lit­tle Zosano takes an­oth­er beat­ing as the FDA slaps down their ap­pli­ca­tion for a mi­graine patch

Zosano $ZSAN has officially come up short in its bid to develop a migraine patch.

The FDA rejected the company’s application to repurpose the triptan zolmitriptan in a new delivery system as Qtrypta, Zosano said Wednesday morning, issuing a CRL for the microneedle patch. Regulators cited inconsistent exposure levels across multiple clinical trials as the main reason for the thumbs down.

Investors did not take too kindly to the news, with Zosano shares plunking down around 25%. The company is requesting a Type A meeting to “provide clarity on the next steps for the program,” CEO Steven Lo said in a statement.

Glax­o­SmithK­line's vac­cines group aims for a first as it kicks off PhI­II RSV stud­ies

One of GlaxoSmithKline’s big projects at its global vaccine R&D center in Rockville, MD is set to enter Phase III after passing early-stage tests with flying colors.

Eyeing the wide-open respiratory syncytial virus (RSV) space, GSK is pushing two different vaccine candidates: GSK3888550A is designed to confer protection to infants via maternal immunization, while GSK3844766A is meant for the elderly.

Pfizer CEO Albert Bourla (Drew Angerer/Getty Images)

Pfiz­er is on the verge of claim­ing a multi­bil­lion-dol­lar first-mover ad­van­tage with their Covid-19 vac­cine — an­a­lyst

From the beginning, Pfizer CEO Albert Bourla eschewed government funding for his Covid-19 vaccine work with BioNTech, willing to take all the $2 billion-plus risk of a lightning-fast development campaign in exchange for all the rewards that could fall its way with success. And now that the pharma giant has seized a solid lead in the race to the market, those rewards loom large.

SVB Leerink’s Geoff Porges has been running the numbers on Pfizer’s vaccine, the mRNA BNT162b2 program that the German biotech partnered on. And he sees a $3.5 billion peak in windfall revenue next year alone. Even after the pandemic is brought to heel, though, Porges sees a continuing blockbuster role for this vaccine as people around the world look to guard against a new, thoroughly endemic virus that will pose a permanent threat.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 92,100+ biopharma pros reading Endpoints daily — and it's free.

UP­DAT­ED: CRISPR Ther­a­peu­tics gets a snap­shot of off-the-shelf CAR-T suc­cess in B-cell ma­lig­nan­cies — marred by the death of a pa­tient

Just days after scientific founder Emmanuelle Charpentier shared the Nobel prize for her work on CRISPR/Cas9, CRISPR Therapeutics $CRSP is showing off a snapshot of success in their early-stage study for an off-the-shelf CAR-T approach to CD19+ B cell malignancies — a snapshot marred by the death of a patient who had been given a high dose of the treatment.

Using their gene editing tech, researchers for CRISPR engineered cells from healthy donors into an attack vehicle aimed at cancer, something that has been achieved with great success using patients’ own cells — the autologous approach. But autologous CAR-T is hampered by the more complex vein-to-vein requirement that delays treatment, and now CRISPR Therapeutics along with other players like Allogene are determined to replace the pioneers with CAR-T 2.0.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 92,100+ biopharma pros reading Endpoints daily — and it's free.

Pur­due Phar­ma signs guilty plea, preps $8B+ set­tle­ment on Oxy con­tro­ver­sy — re­port; Flag­ship brings in a comms chief

Purdue Pharma may soon be signing off on a guilty plea and an $8 million-plus settlement to wrap up its controversial role distributing OxyContin.

The AP has the breaking story this morning.

Purdue filed for bankruptcy last year, along with Insys and followed by Mallinckrodt, as it navigated its way through a blizzard of litigation surrounding Oxy, which triggered an epidemic of abuse around the country.