Ran­somware at­tack hit clin­i­cal tri­als soft­ware play­er ERT — two weeks lat­er, they’re com­ing back on­line

One of the largest bio­med­ical ran­somware at­tacks in US his­to­ry was re­vealed last week, when IT sys­tems at 250 lo­ca­tions in a ma­jor Amer­i­can hos­pi­tal chain fell vic­tim to face­less ex­tor­tion­ists — forc­ing them to take sys­tems of­fline, di­rect­ing staff to work off pen and pa­per, and bring­ing in out­side se­cu­ri­ty con­sul­tants to mit­i­gate the dam­age.

Turns out that a week pri­or, on Sept. 20, a sim­i­lar, much small­er at­tack be­fell eRe­searchTech­nol­o­gy, a lead­ing clin­i­cal tri­al soft­ware provider to CROs and spon­sors.

Drew Bus­tos

That Sun­day, staff at ERT were locked out of cru­cial da­ta and re­al­ized they were un­der a ran­somware at­tack. “Our net­work team iden­ti­fied the is­sue quick­ly, and we took our sys­tems of­fline,” Drew Bus­tos, ERT’s VP of mar­ket­ing, told me in an in­ter­view.

The CRO gi­ant IQVIA, who us­es ERT soft­ware in some of the tri­als they run for spon­sors, ac­knowl­edged the in­ci­dent in a state­ment to End­points News and said it had a lim­it­ed im­pact on op­er­a­tions. “[IQVIA] im­ple­ment­ed back­up pro­to­cols im­me­di­ate­ly to en­sure the con­ti­nu­ity and in­tegri­ty of sev­er­al on­go­ing tri­als that use ERT, and we no­ti­fied af­fect­ed spon­sors ac­cord­ing­ly. The cur­rent tech­ni­cal is­sues af­fect­ing ERT have not in­fil­trat­ed any IQVIA sys­tems.”

Bus­tos told me that no clin­i­cal source da­ta was im­pact­ed at ERT and that the ma­jor­i­ty of their sys­tems are now back on­line.

The IQVIA state­ment con­firms no sen­si­tive da­ta have been com­pro­mised, but that an in­ves­ti­ga­tion is still on­go­ing: “At this point in the in­ves­ti­ga­tion, we are not aware of any con­fi­den­tial da­ta or pa­tient in­for­ma­tion, re­lat­ed to our clin­i­cal tri­al ac­tiv­i­ties, which have been re­moved, com­pro­mised or stolen.”

The in­ci­dent rais­es ques­tions on the bio­phar­ma in­dus­try’s pre­pared­ness to deal with se­vere cy­ber­at­tacks that could en­dan­ger the in­tegri­ty of clin­i­cal tri­als and oth­er da­ta-rich R&D ef­forts.

Er­ic Per­ak­slis

“The abil­i­ty for com­pa­nies to quick­ly with­stand this kind of at­tack is com­plete­ly de­pen­dent on how good your IT is to be­gin with,” said Er­ic Per­ak­slis, who has served as the FDA’s CIO and held se­nior IT po­si­tions at J&J and Take­da, and is now a Ruben­stein Fel­low at Duke Uni­ver­si­ty.

While Per­ak­slis isn’t privy to any of the de­tails be­hind this par­tic­u­lar at­tack, he re­it­er­at­ed that a rig­or­ous and fre­quent­ly test­ed back­up sys­tem great­ly re­duces risk to ran­somware. “If your da­ta is backed up every evening at 5pm, and you test it know­ing it can all be re­stored by 8am the next morn­ing, that’s ba­sic IT hy­giene,” he told me.

Mon­ey is the mo­ti­vat­ing fac­tor be­hind most ran­somware at­tacks. “We’re gonna cut you off from your da­ta and trans­ac­tions un­til we get paid,” is how Per­ak­slis de­scribed it to me. This sum­mer the med­ical school at UCSF paid $1.14M — in vir­tu­al­ly un­trace­able Bit­coin — to ex­tor­tion­ists in ex­change for a tool to un­lock their da­ta.

Bus­tos de­clined to say whether ERT paid any ran­som to the hack­ers, nor would he iden­ti­fy the out­side se­cu­ri­ty ex­perts brought in to mit­i­gate the is­sue. He notes the com­pa­ny has tak­en steps to pre­vent a sim­i­lar in­ci­dent in the fu­ture. “We’re fol­low­ing the ad­vice of a world-class se­cu­ri­ty firm, and adopt­ing their best prac­tices to aug­ment our ex­ist­ing de­fens­es.”

“It’s some­thing that’s un­for­tu­nate and no­body wants to be im­pact­ed by cy­ber­se­cu­ri­ty is­sues. But it is some­thing that we feel that we are work­ing to­wards re­me­di­a­tion,” he added.

The in­ci­dent was first re­port­ed by the New York Times.

Biotech Half­time Re­port: Af­ter a bumpy year, is biotech ready to re­bound?

The biotech sector has come down firmly from the highs of February as negative sentiment takes hold. The sector had a major boost of optimism from the success of the COVID-19 vaccines, making investors keenly aware of the potential of biopharma R&D engines. But from early this year, clinical trial, regulatory and access setbacks have reminded investors of the sector’s inherent risks.

RBC Capital Markets recently surveyed investors to take the temperature of the market, a mix of specialists/generalists and long-only/ long-short investment strategies. Heading into the second half of the year, investors mostly see the sector as undervalued (49%), a large change from the first half of the year when only 20% rated it as undervalued. Around 41% of investors now believe that biotech will underperform the S&P500 in the second half of 2021. Despite that view, 54% plan to maintain their position in the market and 41% still plan to increase their holdings.

How to col­lect and sub­mit RWD to win ap­proval for a new drug in­di­ca­tion: FDA spells it out in a long-await­ed guid­ance

Real-world data is messy. There can be differences in the standards used to collect different types of data, differences in terminologies and curation strategies, and even in the way data is exchanged.

While acknowledging this somewhat controlled chaos, the FDA is now explaining how biopharma companies can submit study data derived from real-world data (RWD) sources in applicable regulatory submissions, including new drug indications.

Endpoints Premium

Premium subscription required

Unlock this article along with other benefits by subscribing to one of our paid plans.

David Livingston (Credit: Michael Sazel for CeMM)

Renowned Dana-Far­ber sci­en­tist, men­tor and bio­phar­ma ad­vi­sor David Liv­ingston has died

David Livingston, the Dana-Farber/Harvard Med scientist who helped shine a light on some of the key molecular drivers of breast and ovarian cancer, died unexpectedly last Sunday.

One of the senior leaders at Dana-Farber during his nearly half century of work there, Livingston was credited with shedding light on the genes that regulate cell growth, with insights into inherited BRCA1 and BRCA2 mutations that helped lay the scientific foundation for targeted therapies and earlier detection that have transformed the field.

David Lockhart, ReCode Therapeutics CEO

Pfiz­er throws its weight be­hind LNP play­er eye­ing mR­NA treat­ments for CF, PCD

David Lockhart did not see the meteoric rise of messenger RNA and lipid nanoparticles coming.

Thanks to the worldwide fight against Covid-19, mRNA — the genetic code that can be engineered to turn the body into a mini protein factory — and LNPs, those tiny bubbles of fat carrying those instructions, have found their way into hundreds of millions of people. Within the biotech world, pioneers like Alnylam and Intellia have demonstrated just how versatile LNPs can be as a delivery vehicle for anything from siRNA to CRISPR/Cas9.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 120,300+ biopharma pros reading Endpoints daily — and it's free.

Bris­tol My­ers pledges to sell its Ac­celeron shares as ac­tivist in­vestors cir­cle Mer­ck­'s $11.5B buy­out — re­port

Just as Avoro Capital’s campaign to derail Merck’s proposed $11.5 billion buyout of Acceleron gains steam, Bristol Myers Squibb is leaning in with some hefty counterweight.

The pharma giant is planning to tender its Acceleron shares, Bloomberg reported, which add up to a sizable 11.5% stake. Based on the offer price, the sale would net Bristol Myers around $1.3 billion.

To complete its deal, Merck needs a majority of shareholders to agree to sell their shares.

Leen Kawas (L) has resigned as CEO of Athira and will be replaced by COO Mark Litton

Ex­clu­sive: Athi­ra CEO Leen Kawas re­signs af­ter in­ves­ti­ga­tion finds she ma­nip­u­lat­ed da­ta

Leen Kawas, CEO and founder of the Alzheimer’s upstart Athira Pharma, has resigned after an internal investigation found she altered images in her doctoral thesis and four other papers that were foundational to establishing the company.

Mark Litton, the company’s COO since June 2019 and a longtime biotech executive, has been named full-time CEO. Kawas, meanwhile, will no longer have ties to the company except for owning a few hundred thousand shares.

Endpoints Premium

Premium subscription required

Unlock this article along with other benefits by subscribing to one of our paid plans.

Some can­cer pa­tients now have to find oth­er op­tions as Bris­tol My­er­s' Abrax­ane falls in­to short­age from man­u­fac­tur­ing woes

When Beth Hogan, a metastatic pancreatic cancer patient, showed up for her infusion at Yale’s Smilow Cancer Hospital in New Haven, CT on Oct. 11, she said she was informed that day that she would not be receiving Bristol Myers Squibb’s Abraxane, part of her combo treatment, because of a shortage.

“I was told we don’t know when you can have it,” she told Endpoints News via email, adding that she doesn’t expect to receive any Abraxane this coming Monday at her treatment appointment either, and she doesn’t know when things will change.

Michel Vounatsos, Biogen CEO (Credit: World Economic Forum/Valeriano Di Domenico)

Up­dat­ed: Bio­gen sells just $300K worth of Aduhelm in Q3, as ques­tions on long-term vi­a­bil­i­ty re­main

Barely anyone is accessing Biogen’s controversial Alzheimer’s treatment, with the company reporting just $0.3 million in Aduhelm sales in the third quarter. Although investors will be looking to the longer term, when CMS may decide to cover the drug and open the floodgates for more reimbursement, use of the drug is currently stalled.

Since June, when the FDA first signed off on the drug under its accelerated pathway, Biogen said Wednesday that it’s sold a total of $2 million worth of Aduhelm. That’s a far cry from the peak Wall Street sales estimate of about $9 billion in annual sales, and even a ways away from the sell-side consensus of about $17 million in Q3 sales.

Endpoints News

Keep reading Endpoints with a free subscription

Unlock this story instantly and join 120,300+ biopharma pros reading Endpoints daily — and it's free.

Eli Lil­ly or­dered to pay roy­al­ties on block­buster di­a­betes drugs, though ex­act dam­ages are un­clear

A federal court found Eli Lilly in breach of a royalty agreement with an Arizona company, likely sending the case — which deals with Lilly’s blockbuster diabetes drugs — to a trial.

The Arizona District Court ordered Lilly to pay the royalties to Tucson, AZ-based Research Corporation Technologies, per an opinion delivered Tuesday, stemming from a 1990 agreement involving materials used in manufacturing Lilly’s insulin products. Lilly had agreed to pay a 2% royalty on worldwide sales, and the exact amount of damages will be determined in a trial, Judge Scott Rash wrote.