Ran­somware at­tack hit clin­i­cal tri­als soft­ware play­er ERT — two weeks lat­er, they’re com­ing back on­line

One of the largest bio­med­ical ran­somware at­tacks in US his­to­ry was re­vealed last week, when IT sys­tems at 250 lo­ca­tions in a ma­jor Amer­i­can hos­pi­tal chain fell vic­tim to face­less ex­tor­tion­ists — forc­ing them to take sys­tems of­fline, di­rect­ing staff to work off pen and pa­per, and bring­ing in out­side se­cu­ri­ty con­sul­tants to mit­i­gate the dam­age.

Turns out that a week pri­or, on Sept. 20, a sim­i­lar, much small­er at­tack be­fell eRe­searchTech­nol­o­gy, a lead­ing clin­i­cal tri­al soft­ware provider to CROs and spon­sors.

Drew Bus­tos

That Sun­day, staff at ERT were locked out of cru­cial da­ta and re­al­ized they were un­der a ran­somware at­tack. “Our net­work team iden­ti­fied the is­sue quick­ly, and we took our sys­tems of­fline,” Drew Bus­tos, ERT’s VP of mar­ket­ing, told me in an in­ter­view.

The CRO gi­ant IQVIA, who us­es ERT soft­ware in some of the tri­als they run for spon­sors, ac­knowl­edged the in­ci­dent in a state­ment to End­points News and said it had a lim­it­ed im­pact on op­er­a­tions. “[IQVIA] im­ple­ment­ed back­up pro­to­cols im­me­di­ate­ly to en­sure the con­ti­nu­ity and in­tegri­ty of sev­er­al on­go­ing tri­als that use ERT, and we no­ti­fied af­fect­ed spon­sors ac­cord­ing­ly. The cur­rent tech­ni­cal is­sues af­fect­ing ERT have not in­fil­trat­ed any IQVIA sys­tems.”

Bus­tos told me that no clin­i­cal source da­ta was im­pact­ed at ERT and that the ma­jor­i­ty of their sys­tems are now back on­line.

The IQVIA state­ment con­firms no sen­si­tive da­ta have been com­pro­mised, but that an in­ves­ti­ga­tion is still on­go­ing: “At this point in the in­ves­ti­ga­tion, we are not aware of any con­fi­den­tial da­ta or pa­tient in­for­ma­tion, re­lat­ed to our clin­i­cal tri­al ac­tiv­i­ties, which have been re­moved, com­pro­mised or stolen.”

The in­ci­dent rais­es ques­tions on the bio­phar­ma in­dus­try’s pre­pared­ness to deal with se­vere cy­ber­at­tacks that could en­dan­ger the in­tegri­ty of clin­i­cal tri­als and oth­er da­ta-rich R&D ef­forts.

Er­ic Per­ak­slis

“The abil­i­ty for com­pa­nies to quick­ly with­stand this kind of at­tack is com­plete­ly de­pen­dent on how good your IT is to be­gin with,” said Er­ic Per­ak­slis, who has served as the FDA’s CIO and held se­nior IT po­si­tions at J&J and Take­da, and is now a Ruben­stein Fel­low at Duke Uni­ver­si­ty.

While Per­ak­slis isn’t privy to any of the de­tails be­hind this par­tic­u­lar at­tack, he re­it­er­at­ed that a rig­or­ous and fre­quent­ly test­ed back­up sys­tem great­ly re­duces risk to ran­somware. “If your da­ta is backed up every evening at 5pm, and you test it know­ing it can all be re­stored by 8am the next morn­ing, that’s ba­sic IT hy­giene,” he told me.

Mon­ey is the mo­ti­vat­ing fac­tor be­hind most ran­somware at­tacks. “We’re gonna cut you off from your da­ta and trans­ac­tions un­til we get paid,” is how Per­ak­slis de­scribed it to me. This sum­mer the med­ical school at UCSF paid $1.14M — in vir­tu­al­ly un­trace­able Bit­coin — to ex­tor­tion­ists in ex­change for a tool to un­lock their da­ta.

Bus­tos de­clined to say whether ERT paid any ran­som to the hack­ers, nor would he iden­ti­fy the out­side se­cu­ri­ty ex­perts brought in to mit­i­gate the is­sue. He notes the com­pa­ny has tak­en steps to pre­vent a sim­i­lar in­ci­dent in the fu­ture. “We’re fol­low­ing the ad­vice of a world-class se­cu­ri­ty firm, and adopt­ing their best prac­tices to aug­ment our ex­ist­ing de­fens­es.”

“It’s some­thing that’s un­for­tu­nate and no­body wants to be im­pact­ed by cy­ber­se­cu­ri­ty is­sues. But it is some­thing that we feel that we are work­ing to­wards re­me­di­a­tion,” he added.

The in­ci­dent was first re­port­ed by the New York Times.

Has the mo­ment fi­nal­ly ar­rived for val­ue-based health­care?

RBC Capital Markets’ Healthcare Technology Analyst, Sean Dodge, spotlights a new breed of tech-enabled providers who are rapidly transforming the way clinicians deliver healthcare, and explores the key question: can this accelerating revolution overturn the US healthcare system?

Key points

Tech-enabled healthcare providers are poised to help the US transition to value, not volume, as the basis for reward.
The move to value-based care has policy momentum, but is risky and complex for clinicians.
Outsourced tech specialists are emerging to provide the required expertise, while healthcare and tech are also converging through M&A.
Value-based care remains in its early stages, but the transition is accelerating and represents a huge addressable market.

Alaa Halawaa, executive director at Mubadala’s US venture group

The ven­ture crew at Mubadala are up­ping their biotech cre­ation game, tak­ing care­ful aim at a new fron­tier in drug de­vel­op­ment

It started with a cup of coffee and a slow burning desire to go early and long in the biotech creation business.

Wrapping up a 15-year discovery stint at Genentech back in the summer of 2021, Rami Hannoush was treated to a caffeine-fueled review of the latest work UCSF’s Jim Wells had been doing on protein degradation — one of the hottest fields in drug development.

“Jim and I have known each other for the past 15 years through Genentech collaborations. We met over coffee, and he was telling me about this concept of the company that he was thinking of,” says Hannoush. “And I got immediately intrigued by it because I knew that this could open up a big space in terms of adding a new modality in drug discovery that is desperately needed in pharma.”

Endpoints Premium

Premium subscription required

Unlock this article along with other benefits by subscribing to one of our paid plans.

'Band­ing to­geth­er': 50 fe­male biotech ex­ec­u­tives lay out plans for board di­ver­si­ty, new com­pa­nies and men­tor­ing founders

Earlier this month, during the Silicon Valley Bank meltdown, Angie You recalled the speed with which female biotech CEOs were helping each other connect with bankers, get their wires through and assuage concerns during a financial implosion.

This past weekend, 50 of about 125 women who are part of that Slack group and a broader coalition self-dubbed the Biotech Sisterhood met in person in Cancun for the second rendition of an annual summit connecting female biotech CEOs. The attendance list doubled that of the inaugural gathering in Arizona 12 months ago.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 163,400+ biopharma pros reading Endpoints daily — and it's free.

No­var­tis touts sev­en years of dura­bil­i­ty da­ta for Zol­gens­ma

The same day that Roche touted positive durability and safety data for its spinal muscular atrophy drug Evrysdi, Novartis also made a splash with its multi-million dollar gene therapy for the disease.

Novartis rolled out interim data from two long-term follow-up studies Monday at the 2023 Muscular Dystrophy Association (MDA) Clinical and Scientific Conference. In the first study, LT-001, all children in the trial that were treated after showing symptoms of SMA “maintained all previously achieved motor milestones” up to 7.5 years after being dosed. The average time since Zolgensma was given was 6.86 years.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 163,400+ biopharma pros reading Endpoints daily — and it's free.

Rohan Palekar, 89bio CEO

89bio’s PhII da­ta add to quick suc­ces­sion of NASH read­outs as field seeks turn­around

89bio said its drug was better than placebo at lessening fibrosis without worsening nonalcoholic steatohepatitis, or NASH, in two of three dose groups.

The San Francisco biotech said it thinks the Phase IIb data pave the way for a potential Phase III, following in the footsteps of another biotech in its drug class, Akero Therapeutics. To fund a late-stage study, CEO Rohan Palekar told Endpoints News 89bio “would need to raise additional capital,” with the company having about $188 million at the end of last year.

Flare Therapeutics biochemists Yong Li (L) and Valerie Vivat

A $123M Flare will get Third Rock on­col­o­gy biotech in­to the clin­ic this year

Flare Therapeutics will start its first human trial this year with an investigational urothelial cancer drug after pulling together a $123 million Series B from Big Pharmas, VCs and its incubator, Third Rock Ventures.

Launched in 2021 on the idea that a biotech could finally succeed at drugging the much-sought-after but stubborn transcription factor, Flare Therapeutics said Wednesday it is now primed for the clinic after closing its large financing haul earlier this year. The raise is a relatively stark figure in a tough startup financing environment but further buoys the upbeat signals coming out of other Third Rock biotechs in recent weeks, including the $200 million CARGO Therapeutics and $100 million Rapport Therapeutics rounds.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 163,400+ biopharma pros reading Endpoints daily — and it's free.

Francesco Marincola, newly-appointed Sonata Therapeutics CSO

Kite's head of re­search leaves for Flag­ship start­up Sonata

Another leader is departing Kite Pharma, and will to spend the “last part” of his career exploring how cancer evades the immune system.

Kite’s senior VP and global head of cell therapy research Francesco Marincola left the Gilead CAR-T unit last week for Sonata Therapeutics. Flagship last May unveiled the startup, which was pieced together from two fledgling biotechs Inzen and Cygnal Therapeutics. As CSO, Marincola will lead Sonata’s push to reprogram cancer cells to make them more immunogenic.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 163,400+ biopharma pros reading Endpoints daily — and it's free.

FDA in­di­cates will­ing­ness to ap­prove Bio­gen ALS drug de­spite failed PhI­II study

Ahead of Wednesday’s advisory committee hearing to discuss Biogen’s ALS drug tofersen, the FDA appeared open to approving the drug, newly released briefing documents show.

Citing the need for flexibility in a devastating disease like ALS, regulators signaled a willingness to consider greenlighting tofersen based on its effect on a certain protein associated with ALS despite a failed pivotal trial. The documents come after regulatory flexibility was part of the same rationale the agency expressed when approving an ALS drug last September from Amylyx Pharmaceuticals, indicating the FDA’s openness to approving new treatments for the disease.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 163,400+ biopharma pros reading Endpoints daily — and it's free.

NIH re­jects an­oth­er at­tempt to 'march-in' on Astel­las' prostate can­cer drug over ex­ces­sive price

The National Institutes of Health has again declined to use so-called “march-in” rights to lower the price of Astellas and Pfizer’s prostate cancer drug Xtandi despite being invented at UCLA with grants from the US Army and NIH.

“Given the remaining patent life and the lengthy administrative process involved for a march-in proceeding, NIH does not believe that use of the march-in authority would be an effective means of lowering the price of the drug,” NIH told prostate cancer patients Robert Sachs and Clare Love, in a letter shared with Endpoints News. The institutes’ analyses found Xtandi “to be widely available to the public,” an indication that there was not a pressing need for the US to act.