Clinical Trial Software Provider Hit with Ransomware Attack

eResearch, a software company from Philadelphia, which sells software used in vital research on Covid-19, was hit with a ransomware attack that has affected many of the company’s clientele, some of which are conducting Covid-19 vaccine trials. In the last year alone, eResearch Technology’s software was used in three quarters of all clinical trials carried out worldwide.

The attack took place on September 20, 2020 forcing trial researchers to move to pen and paper to record patient data. Patient safety was never compromised; however, the attack has slowed progress on clinical trials.

Many more organizations were affected by the attack, IQVIA being among them. This group conducts AstraZeneca’s Covid-19 trials and, although it is unknown to what extent the Covid-19 trials were affected, the attack has caused some disruption at the company. Bristol Myers Squibb, which is also conducting trials related to SARS-CoV-2, has also been affected. Both of these companies said that they had backups of their data which limited the impact of the attack. IQVIA also stated that it found no evidence suggesting any private data from the trials was stolen by the attackers before the use of ransomware to encrypt files. 

In the aftermath of the attack, eResearch Technology shut off selected computer systems and brought in third-party cybersecurity experts to help with the investigation and retrieval of data. The FBI is also conducting an investigation into the attack. Some computers have been offline for two weeks. The New York Times reports that computer systems only started to be brought back online last Friday. The rest of the systems were expected to be restored this week. It remains unknown who is responsible for the attack, what variant of ransomware was used, and if the ransom was paid.

The ransomware attack was made public just days after Universal Health Services announced it has suffered a suspected ransomware attack. All U.S locations were affected by that ransomware attack and due to the loss of its computer systems, many patients had to be directed to alternative healthcare providers. According to figures from cybersecurity firm Emsisoft, at least 53 ransomware attacks have been reported by U.S healthcare providers in 2020 alone. Over 500 hospitals are known to have been affected by those attacks.

Author: Maria Perez