
West Pharmaceutical Services, a global manufacturer of drug delivery systems used by the world’s top pharmaceutical and biotechnology companies, is still scrambling to restore business operations nearly a week after being hit by ransomware.
- West Pharmaceutical says it is still restoring systems nearly a week after ransomware disrupted parts of its global business operations.
- The attack hit shipping, manufacturing, and shared service functions, with some systems encrypted and an unknown amount of data stolen.
- The pharma supplier says the immediate risk has been mitigated, but a full recovery timeline remains unclear.
In a May 13th update on the company’s website, West Pharmaceutical said it continues “to make good progress in the restoration of our systems,” citing a letter from Palo Alto Networks Unit 42, the third-party experts hired to support remediation efforts.
“This letter affirms…that evidence indicates the identified unauthorized activity has been contained and the immediate risk to West’s operational environment has been mitigated,” the company said.
“West Pharmaceutical Services is rebuilding impacted systems or restoring from backups predating the known window of compromise to further prevent threat actor re-entry. Any impacted systems not yet rebuilt/restored have been isolated from the network,” Unit 42 wrote in the incident response report.
Data stolen, systems encrypted
IT teams first became aware of the intrusion on May 4th, after detecting a network systems issue, West said in an initial notice posted on May 7th.
West also disclosed the attack in a May 7th filing with the US Securities and Exchange Commission (SEC), stating the Pennsylvania-based company was forced to take portions of its network offline to help contain the damage, including “on-premise infrastructure,” as well as “restricting access to enterprise systems.”
The “unauthorized party” responsible for the “material cyberattack” was able to exfiltrate an unknown amount of data and encrypt certain IT systems, the SEC 8-K filing states, noting that investigations into “the nature and scope of the incident remain ongoing.”
The company has not yet disclosed what information may have been stolen or whether patient, customer, or partner data was impacted.
Global disruptions, restoration efforts underway
West Pharmaceutical is a leading global manufacturer of injectable delivery components and services, including vial containment systems, prefillable syringes and components, and patented self-injection devices used in a wide range of life-saving medical treatments, including rheumatoid arthritis and other autoimmune diseases.
With 10,000 employees, the company operates 50 certified manufacturing, distribution, and research and development facilities worldwide, including in North and South America, Europe, and the Asia Pacific, and delivers more than 41 billion components and devices each year, according to its website.
According to an update on Sunday, the containment measures resulted in the disruption of business operations worldwide, including shipping, manufacturing, and other shared service functions.
West said Wednesday it has since “restored its core enterprise systems, and critical processes for shipping, receiving, and manufacturing have restarted at some sites,” although the timeline for full recovery is still unknown.
West, which generated over $3 billion in net sales last year, said it is working closely with customers to mitigate risk and minimize delays wherever possible.
No ransomware gang has publicly claimed responsibility for the breach as of Thursday.