Ransomware scum hit Japanese pharma giant Eisai Group
Some servers encrypted in weekend attack, but product supply not affected
Japanese pharma giant Eisai today confirmed to The Register that "there is no imminent risk of stock shortage" after it was hit by ransomware at the weekend.
Eisai's European comms person told us it has a global stocking policy that means it always has more than three months of supply at any given time.
Its Japanese parent group confirmed earlier this week it had taken offline "certain systems" both inside and outside of Japan, including "logistics systems" after some of its servers were encrypted by ransomware. The attack was detected late at night on Saturday, June 3.
However, Eisai told The Register today, its manufacturing site in Hatfield, England, continues to operate as normal with UK systems unaffected by the cyber attack. A spokesperson told The Reg: "Wider aspects of Eisai's supply chain outside of the EU are experiencing some disruption. However, under Eisai's human health care philosophy, where first thoughts are always with patients, we operate with a > three month stocking policy."
They added: "Whilst there are a minimal number of stock keeping units below this level, replenishment of these is possible without input from affected sites."
According to its website, Eisai has a production division that consists of nine manufacturing sites around the world, including three in Japan, two in China, one in India, one in Indonesia, and one in Baltimore in the US. Its 60,000m2 facility in the UK's Hertfordshire is described on its website as a "global production center" that shifts supply to "countries in the Middle East, Africa, the Americas and Asia in addition to Europe."
The parent group statement said that the company's corporate websites and email systems were operational, and it was investigating the "possibility of data leakage."
"We immediately implemented our incident response plan and launched an investigation with the aid of our cybersecurity partners. A company-wide task force was convened to rapidly work on response procedures."
We asked the pharmaceutical giant whether it paid a ransom and it responded: "While the ransomware incident is being investigated by our cyber security team and law enforcement, no further details can be shared. Eisai prides itself on transparent communications with all stakeholders and further updates will be provided as more information becomes available."
Eisai has a focus on neurology and oncology, with a cancer product portfolio that includes Lenvima, a first-line treatment for patients with advanced renal cell carcinoma, and anti-cancer agent Halaven. It also makes Aricept, a treatment for dementia linked to Alzheimer's disease, and developed and sells anti-epileptic drug Fycompa, also known as Perampanel. It's active in R&D and is currently running several joint projects and trials, one with pharma giant Merck, and has a strategic collaboration in place with Bristol Myers Squibb as well as research partnerships with various academic institutions.
- Insurers can't use 'act of war' excuse to avoid Merck's $1.4B NotPetya payout
- Healthcare org with over 100 clinics uses OpenAI's GPT-4 to write medical records
- Identity thieves can hunt us for 'rest of our lives,' claims suit after university data leak
- Clop ransomware crew sets June extortion deadline for MOVEit victims
"We deeply apologize for any inconvenience and worry this may have caused to our partners and stakeholders," the statement says, adding that it is working "with external experts and law enforcement in an effort to protect its systems and to make a successful recovery."
The Tokyo-based company reported ¥744.402 billion ($5.3 billion) in revenue in fiscal 2022 [PDF], down 1.6 percent on 2021, and operating profits of ¥40.04 billion ($290 million).
The Japanese giant acquired one of the US's bigger biotech firms, MGI Pharma, for $3.9 billion back in 2008, with reports at the time saying it was part of a push to "increase its foothold in the fast-growing cancer drug business and its international presence." According to its last annual financial report [PDF], Eisai recently put into operation its Deep Human Biology Learning (DHBL) drug discovery and development system for Eisai's focus fields of neurodegenerative diseases and refractory cancers, those which are resistant to treatment, as well as "the global health field including neglected tropical diseases."
Eisai said that it was investigating whether the attack would have an impact on its earnings forecast for the latest fiscal year.
No ransomware group has yet stepped forward to take responsibility.
The attack on Eisai is the latest in a string of ransomware blitzes targeting the biotech and pharma sector. In April, molecular diagnostics player Enzo BioTech admitted in a filing with the SEC that the clinical test information of roughly 2.47 million individuals had been stolen by ransomware thieves. In July last year, meanwhile, private data – including names, addresses, social security numbers, and health records – for more than 1.9 million people was exposed during a ransomware infection of Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups.
One of the worst cases in recent years was the 2017 NotPetya infection of pharma giant Merck. After much back and forth with insurers over whether it could avoid paying up using "act of war" clauses – the argument that the crooks may have been state actors – in May this year, a US court ruled that Merck's insurers can't deny it an enormous payout, meaning Merck may finally score its $1.4 billion under a comprehensive insurance plan. ®