A ransomware attack targeting medical technology firm slowed down clinical trials for the past two weeks, according to the New York Times. The attack targeted a Philadelphia company that develops software for clinical trials, including the crash effort to develop rapid coronavirus tests, treatment, and the vaccine. The attack on eResearch Technology forced clinicians to track their patients with pen and paper after locking the researchers out of their data.
Coronavirus research facilities affected by ransomware attack
Several coronavirus research facilities were affected by ransomware, an attack that encrypts the victim’s data and demands payment to unlock it.
The ransomware attack affected IQVIA, which manages AstraZeneca’s Covid vaccine trial. Bristol Myers Squibb, a drug manufacturer developing a quick test for the virus, was also affected. Both IQVIA and Bristol Myers Squibb said the attack’s impact was limited because they had backed up their data. IQVIA added that it was not aware of any confidential data or patient information related to the clinical trial activities being removed, compromised, or stolen.
Pfizer and Johnson & Johnson, two leading drug manufacturers participating in coronavirus research, were not affected. The German drug manufacturer said that ERT technology was not used in Pfizer’s Phase 1/2/3 Covid-19 vaccines.
eResearch Technology ransomware attack timeline
According to Drew Bustos, the company’s Marketing Vice President, ERT pulled its systems offline during the Sept 20 ransomware attack. ERT also invited third-party cybersecurity experts and FBI officers to analyze the incident. Bustos said that the threat actor behind the ransomware attack was still unknown. However, speculations suggest that Ryuk ransomware was possibly involved. Bustos also refused to comment on whether the company paid the ransom.
The attack was described as “one of the largest medical cyberattacks” in US history. Over a thousand similar incidents have been recorded in various US cities, raising concerns over potential November election meddling by cybercriminal gangs.
Earlier, the FBI and the Department of Homeland Security (DHS) warned that Chinese state-sponsored hackers were trying to steal American coronavirus research intellectual property. South Korea and Vietnam, which are rarely associated with hacking, are also stepping up their coronavirus cyber espionage activities.
The World Health Organization was targeted in March by entities seeking coronavirus response information. Countries leading coronavirus research are prime targets for nation-state actors seeking to steal COVID-19 research information. Consequently, governments such as the US has engaged their militaries and security bodies to block coronavirus-related cyberespionage.
Coronavirus clinical trials disrupted by the ransomware attack
The number of clinical trials affected by the ransomware attack remains unknown. However, ERT software is used in many drug tests across North America, Europe, and Asia. The software is credited with about three-quarters of the Food and Drug Administration (FDA) drug approvals.
Apart from clinical trials, ransomware gangs have targeted other healthcare providers with devastating effects. In August, the ventilator maker, Boyce Technologies Inc., was hit by a DoppelPaymer ransomware attack. Another ransomware attack on Universal Health Services (UHS) affected several branches across the United States a few weeks ago. UHS operates over 400 branches across the United States and the UK. An earlier ransomware attack on University Hospital Düsseldorf, Germany, turned fatal. A critical patient succumbed after the hospital transferred her 20 miles away to Wuppertal after a Russian hacker seized 30 servers at the facility.
Targeting clinical trials in the middle of a global pandemic is a new low, even for ransomware operators.
“Healthcare organizations are a prime target for ransomware, as they contain sensitive patient data. For large, profitable organizations, cybercriminals know that they have the means to pay the ransom after their data is stolen,” says James McQuiggan, a security awareness advocate at KnowBe4. “Unfortunately, cybercriminals are stealing intellectual property to auction it to the dark web to increase their financial profits from the attack.”
Commenting on the ransomware attack on covid-19 clinical trials, Saryu Nayyar, Gurucul’s CEO, says:
“Ransomware attacks are not slowing down, and the recent attack on eResearch Technology shows that no organization is safe – no matter what field they’re in. While the attack didn’t directly affect people involved in the clinical trials to develop a vaccine against Covid 19, the damage done may slow down research towards a vaccine, which potentially hurts all of us. Including the attackers.”