Ransomware attack hit clinical trials software player ERT — two weeks later, they're coming back online - Endpoints News

sumurbelakang.blogspot.com

One of the largest bio­med­ical ran­somware at­tacks in US his­to­ry was re­vealed last week, when IT sys­tems at 250 lo­ca­tions in a ma­jor Amer­i­can hos­pi­tal chain fell vic­tim to face­less ex­tor­tion­ists — forc­ing them to take sys­tems of­fline, di­rect­ing staff to work off pen and pa­per, and bring­ing in out­side se­cu­ri­ty con­sul­tants to mit­i­gate the dam­age.

Turns out that a week pri­or, on Sept. 20, a sim­i­lar, much small­er at­tack be­fell eRe­searchTech­nol­o­gy, a lead­ing clin­i­cal tri­al soft­ware provider to CROs and spon­sors.

Drew Bus­tos

That Sun­day, staff at ERT were locked out of cru­cial da­ta and re­al­ized they were un­der a ran­somware at­tack. “Our net­work team iden­ti­fied the is­sue quick­ly, and we took our sys­tems of­fline,” Drew Bus­tos, ERT’s VP of mar­ket­ing, told me in an in­ter­view.

The CRO gi­ant IQVIA, who us­es ERT soft­ware in some of the tri­als they run for spon­sors, ac­knowl­edged the in­ci­dent in a state­ment to End­points News and said it had a lim­it­ed im­pact on op­er­a­tions. “[IQVIA] im­ple­ment­ed back­up pro­to­cols im­me­di­ate­ly to en­sure the con­ti­nu­ity and in­tegri­ty of sev­er­al on­go­ing tri­als that use ERT, and we no­ti­fied af­fect­ed spon­sors ac­cord­ing­ly. The cur­rent tech­ni­cal is­sues af­fect­ing ERT have not in­fil­trat­ed any IQVIA sys­tems.”

Bus­tos told me that no clin­i­cal source da­ta was im­pact­ed at ERT and that the ma­jor­i­ty of their sys­tems are now back on­line.

The IQVIA state­ment con­firms no sen­si­tive da­ta have been com­pro­mised, but that an in­ves­ti­ga­tion is still on­go­ing: “At this point in the in­ves­ti­ga­tion, we are not aware of any con­fi­den­tial da­ta or pa­tient in­for­ma­tion, re­lat­ed to our clin­i­cal tri­al ac­tiv­i­ties, which have been re­moved, com­pro­mised or stolen.”

The in­ci­dent rais­es ques­tions on the bio­phar­ma in­dus­try’s pre­pared­ness to deal with se­vere cy­ber­at­tacks that could en­dan­ger the in­tegri­ty of clin­i­cal tri­als and oth­er da­ta-rich R&D ef­forts.

Er­ic Per­ak­slis

“The abil­i­ty for com­pa­nies to quick­ly with­stand this kind of at­tack is com­plete­ly de­pen­dent on how good your IT is to be­gin with,” said Er­ic Per­ak­slis, who has served as the FDA’s CIO and held se­nior IT po­si­tions at J&J and Take­da, and is now a Ruben­stein Fel­low at Duke Uni­ver­si­ty.

While Per­ak­slis isn’t privy to any of the de­tails be­hind this par­tic­u­lar at­tack, he re­it­er­at­ed that a rig­or­ous and fre­quent­ly test­ed back­up sys­tem great­ly re­duces risk to ran­somware. “If your da­ta is backed up every evening at 5pm, and you test it know­ing it can all be re­stored by 8am the next morn­ing, that’s ba­sic IT hy­giene,” he told me.

Mon­ey is the mo­ti­vat­ing fac­tor be­hind most ran­somware at­tacks. “We’re gonna cut you off from your da­ta and trans­ac­tions un­til we get paid,” is how Per­ak­slis de­scribed it to me. This sum­mer the med­ical school at UCSF paid $1.14M — in vir­tu­al­ly un­trace­able Bit­coin — to ex­tor­tion­ists in ex­change for a tool to un­lock their da­ta.

Bus­tos de­clined to say whether ERT paid any ran­som to the hack­ers, nor would he iden­ti­fy the out­side se­cu­ri­ty ex­perts brought in to mit­i­gate the is­sue. He notes the com­pa­ny has tak­en steps to pre­vent a sim­i­lar in­ci­dent in the fu­ture. “We’re fol­low­ing the ad­vice of a world-class se­cu­ri­ty firm, and adopt­ing their best prac­tices to aug­ment our ex­ist­ing de­fens­es.”

“It’s some­thing that’s un­for­tu­nate and no­body wants to be im­pact­ed by cy­ber­se­cu­ri­ty is­sues. But it is some­thing that we feel that we are work­ing to­wards re­me­di­a­tion,” he added.

The in­ci­dent was first re­port­ed by the New York Times.

Let's block ads! (Why?)

"later" - Google News
October 05, 2020 at 06:10PM
https://ift.tt/3lgo5AQ

Ransomware attack hit clinical trials software player ERT — two weeks later, they're coming back online - Endpoints News
"later" - Google News
https://ift.tt/2KR2wq4


Bagikan Berita Ini