September 22, 2017
By Alex Keown, BioSpace.com Breaking News Staff
Republican leaders on the House Energy and Commerce Committee issued a letter to Health and Human Services Secretary Tom Price raising raising concern over the June cyberattack. First reported by The Hill, the lawmakers said the malware strain known as NotPetya continues to negatively impact Merck’s operations. That adds to the “growing list of concerns about the potential consequences of cyber threats to the health sector,” the letter said.
In June, Merck, among other global companies, was targeted by the hack, which was believed to originate in the Ukraine. The virus, a type of ransomware, shut down computer systems and sought to extort funds from companies in order to release those compromised systems.
Since the attack, Merck has not fully returned to functionality, something the federal lawmakers noted in their letter to Price. Citing Merck’s second quarter report from the end of July, the lawmakers highlighted Merck’s comments that the company is continuing to restore its manufacturing operations. Merck has mostly restored its packaging operations and some of its formulation operations. The company said its Active Pharmaceutical Ingredient operations is not yet producing bulk content. Merck did note that its external manufacturing was not impacted and was able to fill orders and ship its products.
Although Merck noted it is still able to ship treatments, the lawmakers told Price they are now concerned about potential supply chain breaks. As an example, the legislators said the Centers for Disease Control noted recently that Merck would not distribute certain formulations of its hepatitis B vaccine. Legislators said it’s unclear whether or not this was related to the ransomware attack, but “it does raise questions about how the nation is prepared to address a significant disruption to critical medical supplies.”
In July, Merck said its pediatric hepatitis B vaccine Recombivax HB would not be available until 2018. The company said the shortage was due to increased demand for the drug. The CDC said GlaxoSmithKline had adequate supplies of its hep B drug Engerix-B hepatitis B, AAP News reported in July.
While GSK may have had supplies to cover the gap, lawmakers focused on how such a shortage, particularly from a U.S.-based company could negatively impact health care.
“While Merck was not the only company to suffer degraded capabilities due to the June 27 outbreak, Merck’s role as a supplier of life-saving drugs and other medical products sets it infection and subsequent manufacturing issues apart and raises the possibility of more serious consequences for the health care sector as a whole,” the lawmakers said in the letter.
Cyberattacks, particularly ransomware attacks, are expected to be on the rise in the next few years. Earlier this summer, Kaspersky Lab’s APT trends report for 2017 pointed to hackers targeting corporate interests, including energy companies, TechRepublic reported. The House Republican lawmakers are seeking information as to how HHS can address any potential drug shortages due to cyberattacks. Additionally, they have asked for Merck to provide them with a briefing by Oct. 4. A Merck spokesperson said the company has offered to brief the legislative committee whenever it asks.
“Patients are our top priority and, since the cyber-attack, we have prioritized medicines and vaccines that are considered life-saving or medically significant. We are confident in the continuous supply of our key products,” the spokesperson told Courthouse News.