Eisai is latest pharma to suffer ransomware attack

Kevin Ku

Japanese pharma group Eisai says it is battling a ransomware attack that was launched last weekend and has resulted in some of its servers becoming encrypted.

The attack has affected servers both within and outside Japan, and resulted in some of the group’s IT functions, including logistics systems, being taken off line. For now, it says the corporate websites and email services remain operational, and there’s no clear indication yet whether sensitive data has been leaked.

At the time of writing, it’s not clear if the attack is linked to another data theft hack that has affected a growing number of organisations around the world, including the BBC, UK payroll and human resources company Zellis, British Airways, and Aer Lingus.

Security specialist Bleeping Computer has said that the Clop ransomware gang has claimed responsibility for that attack, which has resulted in personal data and possibly bank details being stolen. No ransom demands have been made public as yet, likely because the gang is still sifting through the data to find information that could give it leverage.

The Clop attack exploited a vulnerability in MOVEit Transfer Tool, software designed to securely move files marketed by Progress Software.

Eisai said in a statement that it has set up a company-wide task force to mitigate the situation, and is working on recovery with its cybersecurity partners, as well as talking to law enforcement.

“Any potential impact of this incident on the consolidated earnings forecast of this fiscal year is currently under careful examination,” it said. “If determined that revisions are necessary, an announcement will be made as soon as possible.”

The most notorious ransomware attack on a pharma group is arguably the 2017 case involving Merck & Co, which has been estimated to have cost the company upwards of $1 billion to remedy.

Last year, Merck won a lengthy dispute with insurers who refused to pay a $1.4 billion claim by the drugmaker, claiming they were exempt because it was effectively an act of war, coming in the wake of Russia’s military intervention in Ukraine which started in 2014.

Merck won its case, arguing successfully that exclusion clauses in its policies covered armed conflict and not cyber warfare.

Other recent cases involving pharma companies included an attack on Novartis a year ago, which resulted in the theft of R&D information that was up for sale on the Dark Web. Charles River Laboratories, Bayer, and Fresenius have also been hit in the last few years.

The Eisai case serves as another reminder that, as pharmaceutical companies move towards greater digitalisation and the storage of more valuable data, digital security practices become more mission critical.

Photo by Kevin Ku on Unsplash.