Expert Insight On Clinical Trials Hit By Ransomware Attack On Health Tech Firm

A Philadelphia company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack that has slowed some of those trials over the past two weeks. The attack on eResearchTechnology, which has not previously been reported, began two weeks ago when employees discovered that they were locked out of their data by ransomware, an attack that holds victims’ data hostage until they pay to unlock it. ERT said clinical trial patients were never at risk, but customers said the attack forced trial researchers to track their patients with pen and paper. Among those hit were IQVIA, the contract research organization helping manage AstraZeneca’s Covid vaccine trial, and Bristol Myers Squibb, the drugmaker leading a consortium of companies to develop a quick test for the virus. ERT has not said how many clinical trials were affected, but its software is used in drug trials across Europe, Asia and North America. It was used in three-quarters of trials that led to drug approvals by the Food and Drug Administration last year, according to its website.

More information: https://www.nytimes.com/2020/10/03/technology/clinical-trials-ransomware-attack-drugmakers.htmlhttps://www.foxbusiness.com/technology/health-tech-firm-testing-coronavirus-treatments-hit-by-ransomware-attack

Experts Comments

October 05, 2020
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin
Unfortunately, cybercriminals tend to target those who are most vulnerable. In this case, eResearchTechnology were vulnerable from a resource perspective as they prioritised the fight against the pandemic over their cybersecurity. This serves as a pertinent reminder for all organisations that the best defence is to adopt security monitoring tools to detect threats from manifesting in the first place. In the unfortunate case that they do, monitoring tools can provide insight into the root cause.....Read More
Unfortunately, cybercriminals tend to target those who are most vulnerable. In this case, eResearchTechnology were vulnerable from a resource perspective as they prioritised the fight against the pandemic over their cybersecurity. This serves as a pertinent reminder for all organisations that the best defence is to adopt security monitoring tools to detect threats from manifesting in the first place. In the unfortunate case that they do, monitoring tools can provide insight into the root cause of the event which organisations can learn from to prevent future incidents. What’s more, organisations should invest in building a robust Business Continuity Plan. That means having regular backups, version control and thorough testing of disaster recovery procedures. The recent string of attacks means we need to be ever more vigilant and none of us can afford to think that we are exempt from such threats.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.