COVID-19 Research Company Hit by Ransomware

Cyber attacks on the healthcare industry continue to rise during the COVID-19 pandemic. The latest attack may have slowed down coronavirus research worldwide.

Over the last few weeks, the healthcare industry has been in the limelight. Several medical facilities and healthcare groups have been hit by ransomware attacks. We have discussed how the healthcare industry is a soft target, that they need to dedicate more of their budgets to cyber security, and that these attacks can be crippling and even cause death in patients. This issue isn’t going anywhere, and the latest victim, eResearchTechnology, says their attack slowed down COVID-19 research. The impact is potentially worldwide.

eResearchTechnology is a Philadelphia-based medical software company. Its software, which provides tools for conducting clinical trials, is used by pharma companies around the globe, including in the trials for COVID-19 vaccines. The attack started on September 20, at which point systems were taken offline. The company says the threat is contained and that it is in recovery mode. The motivation for the attack is currently unknown; the attacker could be anyone from a financially motivated individual to someone backed by a nation-state looking to gain an advantage in coronavirus research.

The company was forced to switch to pen and paper for tracking patient data when systems were taken offline, bringing the entire process to a screeching halt, which poses a problem for any company using its software worldwide. eResearchTechnology was involved in tracking 75% of drug approval trials in 2019. IQVIA and Bristol Myers Squibb were both impacted, but Pfizer and Johnson & Johnson state they have not seen any impact at this time. The two impacted companies mentioned that, thanks to data backups, the impact was minimal, which cannot be said for every company affected by this attack.

“There’s been an intense upscale in attacks,” Chloé Messdaghi, vice president of strategy at Point3 Security, told Threatpost. “Anything connected to sensitive data for COVID-19 is definitely under threat by foreign nation-state actors or foreign competing companies looking to find usable information. Or, it could be an individual attacker or a group of attackers trying to collect money. Attackers understand this has exceptional worth because the companies are very well positioned financially, and that clinical trials make a quick payoff very advantageous.”

There are a few things to take away from this attack.

  1. Attacks on the healthcare industry, a soft target, are not going anywhere anytime soon. In fact, they will continue to escalate amid the pandemic. The longer we have COVID-19, the more attacks we will see. This is because the healthcare industry is so strained with all it is trying to do to care for people that it simply does not have the time to figure out where its fragility lies. It also has not had time to revise budgets to bring in experts to help, and likely won’t be able to do that for some time.
  2. Having data backups is critical. That is especially true in this particular instance, because research is completely reliant on data, but it holds in all cases.
  3. Every company should have a backup plan in place in case of an outage or a breach, especially for mission-critical business functions. Our world used to function without technology, which means it still can if the proper methods are utilized.
  4. Bad actors and nation states don’t care about anything but furthering their own agendas. Most people and business leaders already know this, but this particular attack highlights that aspect of their character. They care more about money or getting ahead in the vaccine trials (which equates to more money) than they do about the rest of humanity. Remember the woman in Germany who died because her closest hospital was under attack? She was sent elsewhere with a life-threatening condition and died as a result.

Ransomware attacks on the healthcare industry are an atrocity. But for the attacker, it can be an easy win because the industry needs to access its technology in order to provide the best care for patients. Still, even if they want to pay the ransom, the victim organization may struggle to pay it due to recent warnings from the U.S. Treasury Department. This is why having proper incident response matters, and why it’s important to include more than just technical people on your response team.

The eResearchTechnology attack showcases how easily third parties and customers can be affected by a single attack, much like how coronavirus spread like wildfire across the globe. The analogy fits, and, ironically, shutting down the attack won’t be nearly as difficult as shutting down COVID-19.

About the Author

PWV Consultants is a boutique group of industry leaders and influencers from the digital tech, security and design industries that acts as a trusted technical partner for many Fortune 500 companies, high-visibility startups, universities, defense agencies, and NGOs. It was founded by 20-year software engineering veterans who have founded or co-founded several companies. PWV experts act as trusted advisors and mentors to numerous early-stage startups, and have held the titles of software and software security executive, consultant and professor. PWV's expert consulting and advisory work spans several high-impact industries in finance, media, medical tech, and defense contracting. PWV's founding experts also authored the highly influential precursor HAZL (jADE) programming language.
