Roche, like Bayer, was hit in Winnti cyberattack 

Roche has acknowledged it, like Bayer, was target of a cyberattack known as Winnti, which experts say appeared to be launched by Chinese hackers. (Pixabay)

It turns out that Bayer was not the only pharma company targeted by the Winnti cyberattack believed to have been instituted by hackers tied to the Chinese government. Roche also was a victim. 

Roche today confirmed it was hit after being named in an ARD public radio report in Germany discussing the Winnti cyberattack, according to Reuters. The Swiss drugmaker said it had detected and deflected the attack but also acknowledged there have been others.

“Roche has been targeted by various attackers in the past, including the group known as Winnti. These attacks were detected and remediated,” a company spokesperson said today in an email. “Roche hasn't lost any sensitive personal data of our employees, patients, customers or business partners.” 

Whitepaper

Simplify and Accelerate Drug R&D With the MarkLogic Data Hub Service for Pharma R&D

Researchers are often unable to access the information they need. And, even when data does get consolidated, researchers find it difficult to sift through it all and make sense of it in order to confidently draw the right conclusions and share the right results. Discover how to quickly and easily find, synthesize, and share information—accelerating and improving R&D.

RELATED: Bayer, after cyberattack, finds 'no evidence' hackers obtained data

The company said it works with authorities in the U.S., Europe and Switzerland on cybersecurity threats and shares information with other companies in and out of pharma about “ongoing threats.” 

Other companies named in the report included Marriott and Lion Air as well as chemical companies BASF and Shin-Etsu.

Bayer earlier this year also acknowledged it had been hit in the attack that was detected early last year. It said it found no evidence that sensitive data had been tapped. Experts believe the Winnti attack was launched by the Chinese. 

RELATED: Merck has hardened its defenses against cyberattacks like the one last year that cost it nearly $1B 

While both companies indicated they weren’t seriously compromised by cyberattacks, at least one drugmaker has been. It was in 2017 that Merck & Co. had its API production and some R&D and other systems seriously interrupted by the NotPetya attack. The intrusion, which evidence suggested was launched by Russia, infiltrated Microsoft systems that had not installed a needed security patch.

That attack also interrupted production of Merck's Gardasil, one of its best-selling products, forcing the company to borrow doses from the Centers for Disease Control and Prevention's stockpile to meet demand. In all, the attack cost Merck about $1 billion in lost sales, time and expenses to fix the problem.

Suggested Articles

At one point, Novartis even offered up $90 apiece for the inclisiran developer but would later say even $85 was too much, a securities filing shows.

Sanofi spent months hyping its Tuesday investor event, and new CEO Paul Hudson certainly laid out a different vision for the drugmaker at the confab.

After more than 10 years as partners, Sanofi and Regeneron are splitting up their deal to comarket PCSK9 med Praluent and immunology drug Kevzara.