It turns out that Bayer was not the only pharma company targeted by the Winnti cyberattack believed to have been instituted by hackers tied to the Chinese government. Roche also was a victim.
Roche today confirmed it was hit after being named in an ARD public radio report in Germany discussing the Winnti cyberattack, according to Reuters. The Swiss drugmaker said it had detected and deflected the attack but also acknowledged there have been others.
“Roche has been targeted by various attackers in the past, including the group known as Winnti. These attacks were detected and remediated,” a company spokesperson said today in an email. “Roche hasn't lost any sensitive personal data of our employees, patients, customers or business partners.”
The company said it works with authorities in the U.S., Europe and Switzerland on cybersecurity threats and shares information with other companies in and out of pharma about “ongoing threats.”
Other companies named in the report included Marriott and Lion Air as well as chemical companies BASF and Shin-Etsu.
Bayer earlier this year also acknowledged it had been hit in the attack that was detected early last year. It said it found no evidence that sensitive data had been tapped. Experts believe the Winnti attack was launched by the Chinese.
While both companies indicated they weren’t seriously compromised by cyberattacks, at least one drugmaker has been. It was in 2017 that Merck & Co. had its API production and some R&D and other systems seriously interrupted by the NotPetya attack. The intrusion, which evidence suggested was launched by Russia, infiltrated Microsoft systems that had not installed a needed security patch.
That attack also interrupted production of Merck's Gardasil, one of its best-selling products, forcing the company to borrow doses from the Centers for Disease Control and Prevention's stockpile to meet demand. In all, the attack cost Merck about $1 billion in lost sales, time and expenses to fix the problem.