Expert Insight On Clinical Trials Hit By Ransomware Attack On Health Tech Firm

By   ISBuzz Team
Writer , Information Security Buzz | Oct 05, 2020 08:39 am PST

A Philadelphia company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack that has slowed some of those trials over the past two weeks. The attack on eResearchTechnology, which has not previously been reported, began two weeks ago when employees discovered that they were locked out of their data by ransomware, an attack that holds victims’ data hostage until they pay to unlock it. ERT said clinical trial patients were never at risk, but customers said the attack forced trial researchers to track their patients with pen and paper. Among those hit were IQVIA, the contract research organization helping manage AstraZeneca’s Covid vaccine trial, and Bristol Myers Squibb, the drugmaker leading a consortium of companies to develop a quick test for the virus. ERT has not said how many clinical trials were affected, but its software is used in drug trials across Europe, Asia and North America. It was used in three-quarters of trials that led to drug approvals by the Food and Drug Administration last year, according to its website.

More information:

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Niamh Muldoon
Niamh Muldoon , Senior Director of Trust and Security EMEA
October 5, 2020 4:39 pm

Unfortunately, cybercriminals tend to target those who are most vulnerable. In this case, eResearchTechnology were vulnerable from a resource perspective as they prioritised the fight against the pandemic over their cybersecurity. This serves as a pertinent reminder for all organisations that the best defence is to adopt security monitoring tools to detect threats from manifesting in the first place. In the unfortunate case that they do, monitoring tools can provide insight into the root cause of the event which organisations can learn from to prevent future incidents. What’s more, organisations should invest in building a robust Business Continuity Plan. That means having regular backups, version control and thorough testing of disaster recovery procedures. The recent string of attacks means we need to be ever more vigilant and none of us can afford to think that we are exempt from such threats.

Last edited 3 years ago by Niamh Muldoon

Recent Posts

Would love your thoughts, please comment.x