Congress Sets Sights on Pharma Cybersecurity After Attack

Regulatory NewsRegulatory News | 22 September 2017 |  By 

Leadership from the House Energy and Commerce (E&C) committee on Wednesday called on Merck CEO Ken Frazier and Department of Health and Human Services Secretary (HHS) Tom Price to brief Congress on the impact of a recent cyberattack on the healthcare sector.


On 27 June, a cyberattack involving ransomware known as "Petya" or "NotPetya" infected government and business computer systems in Ukraine before spreading to other corporate networks around the world.

Merck, one of the companies affected by the attack, said the attack impacted its manufacturing, research and sales operations worldwide, but has not given estimates on the cost of the attack or whether the attack interrupted the supply of specific products.

But in its Q2 earnings report in late-July, Merck said it was still "in the process of restoring its manufacturing operations," and that its active pharmaceutical ingredient operations had not yet been fully restored.

Damages related to the attack have run in the hundreds of millions for other firms, with shipping giant Maersk saying its response to the attack cost between $200-300 million and parcel delivery firm FedEx attributed a $300 million profit-loss to the attack.

Drugmaker Reckitt Benckiser said in July it was expecting £100 million in delayed revenue due to disruptions to shipping and invoicing as a result of the attack, though some of the revenue would not be made up due to manufacturing difficulties.


In the letters, E&C Chairman Rep. Greg Walden (R-OR) and Subcommittee on Oversight and Investigations Chairman Rep. Tim Murphy (R-PA) say they are concerned about the potential for cyberattacks to disrupt the supply of life-saving drugs.

"Merck's role as a supplier of life-saving drugs and other medical products sets its infection and subsequent manufacturing issues apart and raises the possibility of more serious aftereffects for the healthcare sector as a whole," Walden and Murphy write.

To better understand the impacts of the attack, Walden and Murphy ask Merck to brief them on the steps Merck has taken to recover from the incident. The Reps. also call on Price to provide an update on the steps HHS has taken to understand and respond to the situation and how the agency plans to address potential drug shortages caused by cyberattacks.

In a statement to Focus, a Merck spokesperson Doris Li said the company is in contact with the committee and has offered to brief the members on the issue.

"Patients are our top priority and, since the cyberattack, we have prioritized medicines and vaccines that are considered life-saving or medically significant. We are confident in the continuous supply of our key products," Li said.

House Energy & Commerce


© 2023 Regulatory Affairs Professionals Society.

Discover more of what matters to you

No taxonomy