Bayer, after cyberattack, finds 'no evidence' hackers obtained data

Bayer detected a cyberattack in early 2018, but the company says the hack has been contained. (Pixabay)

Nearly two years after Merck suffered a costly cyberattack, Bayer is the latest drugmaker to disclose that it's been targeted by cybercriminals. 

The company said it contained a cyberattack after detecting malicious software called Winnti in early 2018. Bayer says there’s “no evidence” hackers obtained any data. 

“Our experts at the Cyber Defense Center have identified, analyzed and cleaned up the affected systems, working in close collaboration with the German Cyber Security Organization and the State Criminal Police Office of North Rhine-Westphalia,” a spokesman told FiercePharma. “Investigations of the Public Prosecutor’s Office in Cologne are ongoing.”

Bayer’s disclosure comes after Merck’s well-publicized cyberattack back in 2017. The company reported via Twitter in June of that year that it had been targeted by NotPetya software; in that attack, hackers took over computers and demanded a ransom. The ransom ended up being a spoof, as there was no way for users to retrieve their data.  

Merck experienced a “disruption of its worldwide operations, including manufacturing, research and sales operations,” the company disclosed in a recent annual filing with the SEC. The company lost $410 million in sales through 2017 and 2018 due to the attack, plus suffering other expenses of $285 million. Merck is still fighting with certain insurers over claims from the attack. 

It’s clear that pharma companies want to avoid becoming the next cyberattack victim. Merck has upped its defenses in response, the company said in its annual filing with the SEC. Before the Merck attack, hackers gained access to systems at three major European pharma firms between January 2014 and June 2015, security firm Symantec said in a 2016 report. Hackers in each case were financially motivated.