Evotec joins list of recent cyberattack targets in pharma

Evotec SE (Nasdaq:EVO), the German biotechnology company, recently succumbed to a cyberattack. Its Nasdaq shares appeared to be unaffected by the revelation, which described a IT network intrusion occurring on April 6. In a communiqué, the company said it preemptively shut down its IT systems as a result of the attack, disconnecting  them from the internet. Evotec noted that its IT team is currently examining its IT systems to review the scope of the attack. “Highest diligence will be applied to data integrity,” it added in an announcement.  

In an update released on April 10, Evotech said it was working with external IT specialists to investigate the recent cyberattack and maintain business continuity across its global operations. The company has informed relevant authorities and taken IT systems offline to ensure data integrity.

Evotech said it had disconnected selected IT systems, but that it maintains business continuity at all global sites, prioritizing data integrity.

Cyberattack targeting Evotec part of a larger trend

The Evotec network breach follows similar incidents at Sun Pharma (NSE:SUNPHARMA) and Alliance Healthcare in March. 

In early March 2023, Sun Pharma disclosed a ransomware attack that compromised some of its file systems. The company noted that it segregated the impacted IT systems from the internet and discovered the theft of company and personal data.

The cyberattack Alliance Healthcare resulted in shutting down the company’s website, billing systems and ordering processes, hindering Spain’s drug distribution supply chain.

Attacks on the pharma sector have ramped up during the pandemic, highlighting the industry’s vulnerability and the need for robust security measures to protect sensitive information.

Protecting sensitive data: Lessons from recent cyberattacks

Cyber-breaches can be especially expensive, as IBM’s Cost of a Data Breach 2022 report reveals. In 2022, healthcare breach costs reached a record high, averaging $10.10 million per incident. Financial organizations followed with average costs of $5.97 million, and pharmaceuticals at $5.01 million. 

Hamburg, Germany–based Evotec specializes in drug discovery and development. The company’s clients include all of the top 20 pharma companies, according to its website. Sun Pharma is one of the largest generic drugs makers while Alliance Healthcare is a leading pharmaceutical company in Spain, operating as a distributor and clinical trial support provider. 

Cybercriminals have also ramped up their focus on other organizations within the life sciences industry in recent years. A recent Lancet article describes an attack on the Lehigh Valley Health Network (LVHN) in Pennsylvania. Cyber researchers believe that BlackCat, a gang associated with Russia, was behind the incident. In this episode involving the health network, the malicious actors released sensitive clinical images and patient information on the dark web, demanding a ransom payment. LVHN refused to pay and is working with law enforcement and cybersecurity experts to investigate the incident. 

The medical device company Zoll Medical was recently sued in U.S. District Court in Eastern Massachusetts over a recent data breach involving more than 1 million people.