Ransomware attack hit clinical trials software player ERT — two weeks later, they’re coming back online
One of the largest biomedical ransomware attacks in US history was revealed last week, when IT systems at 250 locations in a major American hospital chain fell victim to faceless extortionists — forcing them to take systems offline, directing staff to work off pen and paper, and bringing in outside security consultants to mitigate the damage.
Turns out that a week prior, on Sept. 20, a similar, much smaller attack befell eResearchTechnology, a leading clinical trial software provider to CROs and sponsors.
That Sunday, staff at ERT were locked out of crucial data and realized they were under a ransomware attack. “Our network team identified the issue quickly, and we took our systems offline,” Drew Bustos, ERT’s VP of marketing, told me in an interview.
The CRO giant IQVIA, who uses ERT software in some of the trials they run for sponsors, acknowledged the incident in a statement to Endpoints News and said it had a limited impact on operations. “[IQVIA] implemented backup protocols immediately to ensure the continuity and integrity of several ongoing trials that use ERT, and we notified affected sponsors accordingly. The current technical issues affecting ERT have not infiltrated any IQVIA systems.”
Bustos told me that no clinical source data was impacted at ERT and that the majority of their systems are now back online.
The IQVIA statement confirms no sensitive data have been compromised, but that an investigation is still ongoing: “At this point in the investigation, we are not aware of any confidential data or patient information, related to our clinical trial activities, which have been removed, compromised or stolen.”
The incident raises questions on the biopharma industry’s preparedness to deal with severe cyberattacks that could endanger the integrity of clinical trials and other data-rich R&D efforts.
“The ability for companies to quickly withstand this kind of attack is completely dependent on how good your IT is to begin with,” said Eric Perakslis, who has served as the FDA’s CIO and held senior IT positions at J&J and Takeda, and is now a Rubenstein Fellow at Duke University.
While Perakslis isn’t privy to any of the details behind this particular attack, he reiterated that a rigorous and frequently tested backup system greatly reduces risk to ransomware. “If your data is backed up every evening at 5pm, and you test it knowing it can all be restored by 8am the next morning, that’s basic IT hygiene,” he told me.
Money is the motivating factor behind most ransomware attacks. “We’re gonna cut you off from your data and transactions until we get paid,” is how Perakslis described it to me. This summer the medical school at UCSF paid $1.14M — in virtually untraceable Bitcoin — to extortionists in exchange for a tool to unlock their data.
Bustos declined to say whether ERT paid any ransom to the hackers, nor would he identify the outside security experts brought in to mitigate the issue. He notes the company has taken steps to prevent a similar incident in the future. “We’re following the advice of a world-class security firm, and adopting their best practices to augment our existing defenses.”
“It’s something that’s unfortunate and nobody wants to be impacted by cybersecurity issues. But it is something that we feel that we are working towards remediation,” he added.
The incident was first reported by the New York Times.