A ransomware attack on a Philadelphia technology company has disrupted clinical trials being run to develop tests, treatments, and a vaccine for COVID-19.
The attack struck global business eResearchTechnology (ERT) on September 20. The company specializes in clinical services and collects, analyzes, and distributes electronic patient-reported outcomes (ePRO) for all phases of clinical research.
As a result of the cyber-incident, trial researchers were unable to access data electronically and had to revert to pen and paper to track their patients. While the attack didn't ruin any trials being conducted, it has slowed them down.
One company impacted by the attack on ERT was IQVIA, a research organization for hire that is assisting in the management of AstraZeneca’s Covid vaccine trial.
Ramifications of the ransomware strike were also experienced by drug maker Bristol Myers Squibb, which is leading an alliance of companies in the quest to create a quick test for COVID-19.
ERT said that backing up their data in advance had helped to limit the impact of the ransomware attack. The company has not revealed the total number of medical trials that were affected by the incident.
Software developed by ERT is used in drug trials across Asia, Europe, and North America. The company states on its website that it has been involved in 50% of all FDA approvals since 2013.
ERT’s vice president of marketing, Drew Bustos, told the New York Times on Friday that the company had taken its systems offline as a precaution on September 20 after the ransomware attack was discovered.
“Nobody feels great about these experiences, but this has been contained,” said Bustos.
The incident, which has been reported to the FBI, is yet to be linked to any particular criminal ransomware group. How much money was demanded and whether the demand was met have not been revealed by ERT.
Bustos said that ERT had begun bringing its systems back online on Friday.
Michael Rezek, VP of cybersecurity at Accedian, commented: "We’re facing a year of unprecedented security breaches. To save time, money, and in the healthcare industry, lives, enterprises need to make sure they’re equipped with the right tools to combat hackers."