Pharmaceutical giant Novartis has been hacked in a cyberattack, but says no sensitive data has been stolen, according to a report from security specialist Bleeping Computer.
The attack – possibly carried out using ransomware – has been attributed to Industrial Spy, a hacking ring that operates an extortion marketplace where they sell data stolen from compromised organisations, and is known for using ransomware in this way.
The report says that the Novartis data has already been put up for sale on the group's Dark Web marketplace for $500,000 in bitcoins.
It suggests data on RNA and DNA-based programmes has been compromised, as well as information on COVID-19 vaccine projects and Novartis' CAR-T cancer therapy Kymriah, that were "stolen directly from the laboratory environment of the manufacturing plant."
Novartis said in a statement that it "is aware of this matter, we have thoroughly investigated it and we can confirm that no sensitive data has been compromised."
The company added: "We take data privacy and security very seriously and have implemented industry standard measures in response to these kind of threats to ensure the safety of our data."
A recent report by Sophos said that 66 per cent of healthcare organisations surveyed by the company said they had been hit by ransomware attacks in 2021, up from 34 per cent in 2020, exposing once again the vulnerability of the sector to this type of criminal activity.
Healthcare is the sector most likely to pay the ransom, with 61 per cent of respondents whose data was encrypted admitting to paying the ransom compared to the cross-sector average of 46 per cent, it said.
Other recent attacks against the pharma industry have involved Merck & Co – in a notorious case that is reported to have cost the company more than a billion dollars to fix – as well as Charles River Laboratories, Bayer and Fresenius.
©
SecuringIndustry.com