Merck, insurers fight over $1.3B in damages from cyberattack: Bloomberg

courthouse
Merck has disclosed hundreds of millions of dollars of damage from a 2017 cyberattack. (Pixabay)

When Merck first confirmed a cyberattack hit the company back in June 2017, it was impossible to know the extent of the damage or what would come from the attack. But those details are a little clearer now, thanks to a Bloomberg report about the weeks that followed the hack and a dispute between the drugmakers and insurers over liability. 

After the attack, there was “nothing being done” at the drugmaker for two weeks, a temporary employee at the company told the news service. Employees’ screens were dark, and some watched videos on their cellphones. The NotPetya attack affected 30,000 computers at the drugmaker, according to a source cited in the report. 

Merck suffered hundreds of millions in damages. In its 2018 annual report (PDF), the company said the attack “led to a disruption of its worldwide operations, including manufacturing, research and sales operations.” A vaccine plant went down, and Merck had to borrow Gardasil 9 doses from the U.S.' strategic stockpile to fulfill orders. In all, the company said it lost potential sales of $410 million in 2017 and 2018, and it had to pay other hack-related expenses of $285 million on top of that. Merck has recovered insurance payments of $45 million, according to the document.

Free Webinar

What could you do with real-time supply chain information at your fingertips?

Interested in complete supply chain real-time data visibility? Unlock productivity with digital workflows, manage plants inventory with real-time supply chain information and enable faster decision-making with data visualization with pci | bridge. Register today!

RELATED: Merck targeted in global ransomware attack 

Still, the company said, “there are disputes with certain of the insurers about the availability of some of the insurance coverage for claims related to this incident." And Bloomberg’s report has details of those disputes. The NotPetya attack originated in Russia and was aimed at Ukraine, Bloomberg reports. Merck seemed to be “collateral damage” as the virus infected the company through a server in Ukraine and quickly spread.  

Merck's insurers said the damages were excluded from policies as they arose from an “act of war,” according to the Bloomberg report. In response, Merck has sued for $1.3 billion in damages, and those arguments are now playing out. Lawyers for Merck and insurers declined to comment to Bloomberg.

RELATED: Merck has hardened its defenses against cyberattacks like the one last year that cost it nearly $1B 

Meanwhile, the company has worked to harden its cyber defenses. In its 2018 annual report, Merck said it has “implemented a variety of measures to further enhance and modernize its systems to guard against similar attacks in the future." With its efforts, Merck aims to “not only to protect against future cyber-attacks, but also to improve the speed” of recoveries.

Suggested Articles

Implementing data integration strategy in your commercialization breaks down traditional healthcare silos and improves patient outcomes.

Roche and Blueprint's RET inhibitor Gavreto has won FDA go-ahead to treat certain types of thyroid cancer, leveling the field with Lilly's Retevmo.

CDMO Sterling Pharma Solutions is plotting a buyout of a U.K.-based antibody-drug conjugate specialist in a new bid at the next-gen cancer fighters.