Bayer, after cyberattack, finds 'no evidence' hackers obtained data

Bayer detected a cyberattack in early 2018, but the company says the hack has been contained. (Pixabay)

Nearly two years after Merck suffered a costly cyberattack, Bayer is the latest drugmaker to disclose that it's been targeted by cybercriminals. 

The company said it contained a cyberattack after detecting malicious software called Winnti in early 2018. Bayer says there’s “no evidence” hackers obtained any data. 

“Our experts at the Cyber Defense Center have identified, analyzed and cleaned up the affected systems, working in close collaboration with the German Cyber Security Organization and the State Criminal Police Office of North Rhine-Westphalia,” a spokesman told FiercePharma. “Investigations of the Public Prosecutor’s Office in Cologne are ongoing.”

Bayer’s disclosure comes after Merck’s well-publicized cyberattack back in 2017. The company reported via Twitter in June of that year that it had been targeted by NotPetya software; in that attack, hackers took over computers and demanded a ransom. The ransom ended up being a spoof, as there was no way for users to retrieve their data.  

Merck experienced a “disruption of its worldwide operations, including manufacturing, research and sales operations,” the company disclosed in a recent annual filing with the SEC. The company lost $410 million in sales through 2017 and 2018 due to the attack, plus suffering other expenses of $285 million. Merck is still fighting with certain insurers over claims from the attack. 

It’s clear that pharma companies want to avoid becoming the next cyberattack victim. Merck has upped its defenses in response, the company said in its annual filing with the SEC. Before the Merck attack, hackers gained access to systems at three major European pharma firms between January 2014 and June 2015, security firm Symantec said in a 2016 report. Hackers in each case were financially motivated. 

Suggested Articles

An injection that's under FDA priority review as a monthly HIV therapy can suppress the virus even if given every two months, a phase 3 has shown.

Pfizer and Astellas are chasing a new nod for prostate cancer drug Xtandi, and thanks to the FDA, they might not have to wait that long.

Sanofi lost an appeal challenging the ban on its dengue vaccine Dengvaxia in the Philippines, despite an ongoing outbreak there.