Merck, insurers fight over $1.3B in damages from cyberattack: Bloomberg

Merck has disclosed hundreds of millions of dollars of damage from a 2017 cyberattack. (Pixabay)

When Merck first confirmed a cyberattack hit the company back in June 2017, it was impossible to know the extent of the damage or what would come from the attack. But those details are a little clearer now, thanks to a Bloomberg report about the weeks that followed the hack and a dispute between the drugmakers and insurers over liability. 

After the attack, there was “nothing being done” at the drugmaker for two weeks, a temporary employee at the company told the news service. Employees’ screens were dark, and some watched videos on their cellphones. The NotPetya attack affected 30,000 computers at the drugmaker, according to a source cited in the report. 

Merck suffered hundreds of millions in damages. In its 2018 annual report (PDF), the company said the attack “led to a disruption of its worldwide operations, including manufacturing, research and sales operations.” A vaccine plant went down, and Merck had to borrow Gardasil 9 doses from the U.S.' strategic stockpile to fulfill orders. In all, the company said it lost potential sales of $410 million in 2017 and 2018, and it had to pay other hack-related expenses of $285 million on top of that. Merck has recovered insurance payments of $45 million, according to the document.

Free Webinar

Building a Flexible, Challenge Resistant and Patient Centric Clinical Supply Chain

The global landscape of clinical trials is rapidly changing as studies become more complex. An increasing number of sponsors are seeking enhanced flexibility in their supply chains to address a variety of clinical supply challenges, including patient demand and reducing delays. In this webinar, learn the benefits of utilizing demand-led supply and direct-to-patient distribution models in the clinical supply chain, as well as how they can be used to both improve flexibility and better align with patient needs. Register today!

RELATED: Merck targeted in global ransomware attack 

Still, the company said, “there are disputes with certain of the insurers about the availability of some of the insurance coverage for claims related to this incident." And Bloomberg’s report has details of those disputes. The NotPetya attack originated in Russia and was aimed at Ukraine, Bloomberg reports. Merck seemed to be “collateral damage” as the virus infected the company through a server in Ukraine and quickly spread.  

Merck's insurers said the damages were excluded from policies as they arose from an “act of war,” according to the Bloomberg report. In response, Merck has sued for $1.3 billion in damages, and those arguments are now playing out. Lawyers for Merck and insurers declined to comment to Bloomberg.

RELATED: Merck has hardened its defenses against cyberattacks like the one last year that cost it nearly $1B 

Meanwhile, the company has worked to harden its cyber defenses. In its 2018 annual report, Merck said it has “implemented a variety of measures to further enhance and modernize its systems to guard against similar attacks in the future." With its efforts, Merck aims to “not only to protect against future cyber-attacks, but also to improve the speed” of recoveries.

Suggested Articles

Former Indivior CEO Shaun Thaxter will face six months in federal prison for his role in misleading government officials on the dangers of Suboxone.

As of Friday after local time, 36 people have died in Korea after getting flu shots provided by at least seven companies, including Sanofi.

Two prominent pneumococcal vaccines from Merck and Pfizer are running low in Europe in a possible ill omen for the coming winter: report.