Charles River Labs, an outsourced researcher to the pharmaceutical and biotechnology industries, has suffered a data breach by a “highly sophisticated, well-resourced intruder,” the company disclosed in an 8-K filing earlier this week.
The $2.3 billion, Wilmington, Mass.-based contractor said it first detected “unusual activity” in its network some six weeks ago. In an internal investigation Charles River discovered that data from roughly one percent of its client base had been copied in the break-in.
Charles River didn’t say if its postmortem audit, which includes cybersecurity experts and the feds, had produced a preliminary or conclusive estimate of the amount of data copied or if the material is of unusual value. It did say it “began to promptly implement a comprehensive containment and remediation plan,” following discovery of the cyber burglary.
At this point, the hack’s financial impact is uncertain. “The percentage of clients affected does not necessarily equate to the potential revenue or financial impact related to this incident, which the company has yet to determine,” the filing reads. “There is no indication at this time that any of the client data the company has identified as having been accessed during this incident was deleted, corrupted, or altered. Charles River has taken steps to contact all clients whose data is known to have been copied,” officials said.
The big pharma researcher said it had implemented a number of actions to safeguard against future intrusions, including adding enhanced security features and monitoring procedures to protect its client data. However, the company conceded that while it has “taken substantial steps to minimize unauthorized access into its information systems,” it has yet to fully shore up its systems against future attacks. “Until its ongoing remediation process is complete, the company will be unable to determine that this incident has been entirely remediated." In the meantime, Charles River believes it has "closed the point of entry employed by the intruder in connection with this incident,” officials said.
Hacks aimed at the pharmaceutical industry have climbed 150 percent in the past year, putting pharma at the top of the list of industries targeted by hackers with nearly 300 incidents, according to a Proofpoint study. The most prominent attack on a pharmaceutical giant occurred a year and a half ago in the NotPetya ransomware blitz that hit Merck to the tune of $275 million in losses for insurers covering the company.