Roche, like Bayer, was hit in Winnti cyberattack 

Roche has acknowledged it, like Bayer, was target of a cyberattack known as Winnti, which experts say appeared to be launched by Chinese hackers. (Pixabay)

It turns out that Bayer was not the only pharma company targeted by the Winnti cyberattack believed to have been instituted by hackers tied to the Chinese government. Roche also was a victim. 

Roche today confirmed it was hit after being named in an ARD public radio report in Germany discussing the Winnti cyberattack, according to Reuters. The Swiss drugmaker said it had detected and deflected the attack but also acknowledged there have been others.

“Roche has been targeted by various attackers in the past, including the group known as Winnti. These attacks were detected and remediated,” a company spokesperson said today in an email. “Roche hasn't lost any sensitive personal data of our employees, patients, customers or business partners.” 

Free Daily Newsletter

Like this story? Subscribe to FiercePharma!

Biopharma is a fast-growing world where big ideas come along daily. Our subscribers rely on FiercePharma as their must-read source for the latest news, analysis and data on drugs and the companies that make them. Sign up today to get pharma news and updates delivered to your inbox and read on the go.

RELATED: Bayer, after cyberattack, finds 'no evidence' hackers obtained data

The company said it works with authorities in the U.S., Europe and Switzerland on cybersecurity threats and shares information with other companies in and out of pharma about “ongoing threats.” 

Other companies named in the report included Marriott and Lion Air as well as chemical companies BASF and Shin-Etsu.

Bayer earlier this year also acknowledged it had been hit in the attack that was detected early last year. It said it found no evidence that sensitive data had been tapped. Experts believe the Winnti attack was launched by the Chinese. 

RELATED: Merck has hardened its defenses against cyberattacks like the one last year that cost it nearly $1B 

While both companies indicated they weren’t seriously compromised by cyberattacks, at least one drugmaker has been. It was in 2017 that Merck & Co. had its API production and some R&D and other systems seriously interrupted by the NotPetya attack. The intrusion, which evidence suggested was launched by Russia, infiltrated Microsoft systems that had not installed a needed security patch.

That attack also interrupted production of Merck's Gardasil, one of its best-selling products, forcing the company to borrow doses from the Centers for Disease Control and Prevention's stockpile to meet demand. In all, the attack cost Merck about $1 billion in lost sales, time and expenses to fix the problem.

Suggested Articles

A suspected cancer-causing impurity that has been found in some blood pressure medicines has now shown up in Zantac and some OTC antacids.

Roche is steamrolling with Ocrevus, and to maintain that lead, its touting long-term data that show the earlier it’s given, the better patients do.

New data shows a significant reduction in relapse rates in patients taking Novartis' repurposed cancer drug ofatumumab.