Roche, like Bayer, was hit in Winnti cyberattack 

Roche has acknowledged it, like Bayer, was target of a cyberattack known as Winnti, which experts say appeared to be launched by Chinese hackers. (Pixabay)

It turns out that Bayer was not the only pharma company targeted by the Winnti cyberattack believed to have been instituted by hackers tied to the Chinese government. Roche also was a victim. 

Roche today confirmed it was hit after being named in an ARD public radio report in Germany discussing the Winnti cyberattack, according to Reuters. The Swiss drugmaker said it had detected and deflected the attack but also acknowledged there have been others.

“Roche has been targeted by various attackers in the past, including the group known as Winnti. These attacks were detected and remediated,” a company spokesperson said today in an email. “Roche hasn't lost any sensitive personal data of our employees, patients, customers or business partners.” 

Free Daily Newsletter

Like this story? Subscribe to FiercePharma!

Biopharma is a fast-growing world where big ideas come along daily. Our subscribers rely on FiercePharma as their must-read source for the latest news, analysis and data on drugs and the companies that make them. Sign up today to get pharma news and updates delivered to your inbox and read on the go.

RELATED: Bayer, after cyberattack, finds 'no evidence' hackers obtained data

The company said it works with authorities in the U.S., Europe and Switzerland on cybersecurity threats and shares information with other companies in and out of pharma about “ongoing threats.” 

Other companies named in the report included Marriott and Lion Air as well as chemical companies BASF and Shin-Etsu.

Bayer earlier this year also acknowledged it had been hit in the attack that was detected early last year. It said it found no evidence that sensitive data had been tapped. Experts believe the Winnti attack was launched by the Chinese. 

RELATED: Merck has hardened its defenses against cyberattacks like the one last year that cost it nearly $1B 

While both companies indicated they weren’t seriously compromised by cyberattacks, at least one drugmaker has been. It was in 2017 that Merck & Co. had its API production and some R&D and other systems seriously interrupted by the NotPetya attack. The intrusion, which evidence suggested was launched by Russia, infiltrated Microsoft systems that had not installed a needed security patch.

That attack also interrupted production of Merck's Gardasil, one of its best-selling products, forcing the company to borrow doses from the Centers for Disease Control and Prevention's stockpile to meet demand. In all, the attack cost Merck about $1 billion in lost sales, time and expenses to fix the problem.

Suggested Articles

With momentum building in Pfizer’s gene therapy programs, it has bought a building in North Carolina where it will consolidate clinical manufacturing.

Novo Nordisk had been hoping to show its Tresiba could top Sanofi’s Toujeo in a head-to-head showdown, but it didn't quite get there.

GlaxoSmithKline won an FDA panel recommendation for its over-the-counter nicotine spray—but the backing didn’t come easy.