A Philadelphia company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack that has slowed some of those trials over the past two weeks.
The attack on eResearchTechnology Inc., which has not previously been reported, began two weeks ago when employees discovered that they were locked out of their data by ransomware, an attack that holds victims’ data hostage until they pay to unlock it. ERT said clinical trial patients were never at risk, but customers said the attack forced trial researchers to track their patients with pen and paper.
Among those hit were IQVIA, the contract research organization helping manage AstraZeneca’s COVID vaccine trial, and Bristol Myers Squibb, the drugmaker leading a consortium of companies to develop a quick test for the virus.
ERT has not said how many clinical trials were affected, but its software is used in drug trials across Europe, Asia and North America. It was used in three-quarters of trials that led to drug approvals by the Food and Drug Administration last year, according to its website.
On Friday, Drew Bustos, ERT’s vice president of marketing, confirmed that its systems had been seized by ransomware on Sept. 20. As a precaution, Bustos said the company took its systems offline that day, called in outside cybersecurity experts and notified the Federal Bureau of Investigation.
“Nobody feels great about these experiences, but this has been contained,” Bustos said. He added that ERT was starting to bring its systems back online on Friday and planned to bring remaining systems online over the coming days.
Bustos said it was still too early to say who was behind the attack. He declined to say whether the company paid its extortionists.
The attack on ERT follows another major ransomware attack last weekend on Universal Health Services, a major hospital chain with more than 400 locations, many in the United States.