West Pharma fully operational after May cyberattack

West Pharma back online after hackers stole data and locked systems

Published: 21 May 2026

Last updated: 21 May 2026

Reuters
Contribution by Izabelė Pukėnaitė

West Pharmaceutical Services (WST) said on Wednesday that it has restored operations across its sites after a cybersecurity attack earlier this month and expects the incident to have no material impact on its 2026 financial outlook.

West Pharmaceutical Services detected a cyberattack on May 4th involving data theft and locked systems, forcing the company to take operations offline globally.
The medical device manufacturer, which delivers over 41 billion components annually, has restored operations and expects no material impact on its 2026 financial outlook.
The company has not disclosed what data was stolen or whether patient, customer, or partner information was compromised, with the investigation still ongoing.

Key Takeaways by nexos.ai, reviewed by Cybernews staff.

The company said it is continuing its investigation, but has not seen any further unauthorized access.

Shares of the company were up about 2% in after-hours trading.

The medical equipment maker detected an intrusion on May 4th and confirmed a material cybersecurity attack on May 7th, involving data theft and systems being locked.

Don't miss our latest stories on Google News. Add us as your Preferred Source on Google

Following the incident, systems were taken offline globally, law enforcement was informed, and external cyber experts were hired to handle the response to the cyberattack.

West Pharmaceutical is a global manufacturer of drug-delivery systems, including vial containment systems, prefillable syringes, and patented self-injection devices. The company delivers more than 41 billion components and devices each year.

Cybernews previously reported that when the company took its systems offline, it disrupted business operations worldwide, including shipping and manufacturing. At the time, West Pharma didn’t disclose what information may have been stolen during the cyberattack, or whether patient, customer, or partner data was impacted.

What also remained unclear was whether any ransomware gang had publicly claimed responsibility for the breach.

black shirt, ultrasound examination, white bald patient, naked belly, black monitor — An ultrasound examination. Klaudia Radecka/NurPhoto/Getty.

Analysts at Evercore ISI now say they are "incrementally encouraged by WST's ability to quickly return to normal operations and offset any cyberattack-related disruption."

They added that the company will likely leverage flex capacity and 24/7 operations, which management had previously highlighted as a lever to offset disruption.

Since the attack, the company has restored its systems and restored key processes such as manufacturing, receiving, and shipping at all locations. The company claims that it’s now fully operational across manufacturing, supply chain, and commercial sites globally.

Still unclear how much data may have been stolen

The company said the review is ongoing, including an assessment of how much data may have been affected. Despite the breach, the incident has not had and is not expected to have a material impact on its 2026 second-quarter or full-year forecast, as per Reuters’ reporting.

The cyberattack on West Pharma isn’t an isolated incident. In March, Stryker ⁠and Intuitive Surgical also reported cybersecurity incidents, while Medtronic disclosed a similar incident in April.

Unlock more exclusive Cybernews content on YouTube.

Share

Post

Share