Merck: Cyberattack Caused $135M in Lost Sales
Posted 27 October 2017 | By
In its third quarter earnings report, US pharmaceutical company Merck said that manufacturing disruptions tied to a cyberattack last June led to $135 million in lost sales and caused the company to borrow from a US Centers for Disease Control's (CDC) strategic stockpile to meet demand for one of its vaccines.
On 27 June, a cyberattack involving ransomware known as "Petya" or "NotPetya" infected government and business computer systems in Ukraine before spreading to other networks around the world.
Merck, one of the companies affected by the attack, was forced to temporarily halt production at one of its facilities, but until now the company had not quantified the impact of the attack on its operations.
In the healthcare realm, cybersecurity is often thought of as issue for connected medical devices and protecting patient information; however, in the aftermath of the Petya attack, it is clear that cyberattacks pose a real and serious threat to drug and biologics manufacturers.
"As we had cautioned in July, the June cyber event negatively impacted third quarter results, including an unfavorable revenue impact of approximately $135 million from lost sales," Merck CFO Robert Davis said during the company's earnings call.
Davis also attributed roughly $175 million in costs to the cyberattack for the quarter, and said he expects a similar impact to revenue and expenses in the fourth quarter.
The temporary production shutdown, along with unexpectedly high demand, also caused Merck to borrow $240 million worth of the company's human papilloma virus (HPV) vaccine Gardasil 9 from the US Centers for Disease Control and Prevention's pediatric vaccine stockpile.
According to Davis, the company would have experienced growth in sales of the vaccine had it not needed to borrow from CDC's stockpile, though he said the company will recognize revenue for the borrowed vaccine as it replenishes the stockpile next year.