It has been reported that medical products maker Tissue Regenix Group said yesterday that its computer systems and a third-party IT service provider in the United States were accessed without authorization, sending its shares down as much as 22%. The company said it had taken the affected systems offline, appointed external specialists to investigate the incident and was in talks with relevant legal authorities, but did not provide details on when the incident occurred or came to light. The Leeds-based company’s ability to manufacture at its U.S. facility will be hit in the short term while the investigation continues, it said, adding that the incident is not believed to have affected its UK operations or financial systems.
It would be interesting to know how long the attackers had access to their systems, and what data was accessed, stolen or even possibly modified. The investigation will reveal the details of the attack, but whatever the result will be it is refreshing to see news about companies that act quickly and responsibly to investigate the cause and implement a remediation strategy, shut down access to the systems and publicly announce the breach. Every company needs a plan in place as to what steps to take in situations where systems have been breached. Yes, the company’s shares have gone down, but we should keep in mind what it could have meant for the company had they kept quiet about the breach. Not disclosing the incident could result in their customers and suppliers losing trust in the organisation, which would have a far worse financial affect in the end.