Ransomware Attacks Vaccine Management Software Specialist; COVID-19 Trials Unaffected

A technology developer whose software is being used to manage clinical trials of potential coronavirus (COVID-19) vaccines has been hit by a ransomware attack, the New York Times reported.

The cyber assault on eResearch Technology, a Philadelphia, Pennsylvania-based company that sells a digital platform for drug companies to manage seasonal and epidemic vaccine trials, began roughly two weeks ago, officials said. It’s unclear if any COVID-19 vaccine participants were affected by the cyber extortion.

IQVIA, a researcher involved with AstraZeneca’s COVID-19 vaccine, and Bristol Myers Squibb, which is collaborating on a rapid test for the novel virus, were targeted by the cyber extortionists, according to reports. Both companies said the attacks were blunted by their data backups but other outfits were less prepared and forced to track trial patients manually, the NYT’s report said. In a statement, IQVIA said it was “not aware of any confidential data or patient information, related to our clinical trial activities, that have been removed, compromised or stolen.”

As in most ransomware attacks, the perpetrators remain unknown. ERT did not disclose the nature of the hacker’s ransom demands or if it had met them.

The ransomware crooks crippled ERT’s computer systems on September 20, when employees said they could not access data on their systems, Drew Bustos, ERT’s marketing vice president, told the NYT. The developer responded by taking its network down and bringing in security specialists to assess and help mitigate the damage. It's unclear if managed security service providers (MSSPs) are specifically involved in the investigation and recovery effort. ERT also notified the Federal Bureau of Investigation of the breach, he said.

“Nobody feels great about these experiences, but this has been contained,” Bustos reportedly said. ERT is in the process of bringing its systems back online, he said.

ERT: New CEO Arrives

Word of the ransomware attack arrived just ahead of ERT’s hiring Joe Eazor as its new president and chief executive. Eazor last served in a similar role at Conifer Health Solutions, and previously as CEO of Rackspace Technology and as CEO of Earthlink. He previously held senior executive positions at Oracle, EMC, Hewlett-Packard, and Electronic Data Systems, including global P&L responsibility for the $22 billion HP Enterprise Services division. Eazor has not commented publicly on the ransomware attack.

The ERT incident follows by a week a large scale cyber kidnapping that hit Universal Health Services, an $11.4 billion hospital and healthcare service provider with some 400 facilities in the U.S., Puerto Rico and the United Kingdom that serves 3.5 million patients annually. The Ryuk ransomware, which a year ago was used in a cyber blast on three Alabama hospitals managed by DCH Health System, was allegedly involved in the ERT hijack.

Last July, American, British and Canadian national security officials fingered the notorious, Kremlin-linked cyber crew CozyBear, also known as APT29, of trying to steal intelligence and supply chain information from research facilities and healthcare organizations engaged in COVID-19 vaccine development.

In another incident from last May, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned Chinese government-backed hackers to lay off trying to steal COVID-19 related intellectual property and public health data from healthcare organizations and research organizations involved in vaccine development. “We are seeing adversaries that are targeting our pharmaceutical companies, pharmaceutical research, laboratories, testing, and really out into the future manufacturing of the vaccine systems and the distribution of vaccines,” a CISA official said at the time.