Congress Asks Merck for Information on Cyberattack

WASHINGTON (CN) – Worldwide disruption from a cyberattack on pharmaceutical giant Merck this summer has led Congress to request a formal briefing with the company’s CEO and Health and Human Services Secretary Tom Price.

Price and Merck CEO Kenneth Frazier received letters Wednesday from the House Committee on Energy and Commerce.

The inquiry stems from the June 27 “NotPetya” malware infections which interrupted Merck’s worldwide operations, including its manufacturing, research and sales divisions.

The malware may have interrupted the supply chain of certain hepatitis B formulas. Whether this actually occurred will be the focus of the requested Oct. 4 hearing.

“While the malware was largely contained after the initial outbreak, it had successfully compromised businesses around the world. Known victims come from a variety of sectors including, but not limited to, shipping, food, marketing, oil and legal,” the virtually identical letters stated.

Widespread reports of the damage inflicted on Merck in the days after the attack raised alarm bells for the committee. But it was a more recent update on the national vaccine supply from the Centers on Disease Control and Prevention that brought the committee’s request for a briefing.

“While it is unclear whether this [supply chain interruption] is related to the NotPetya disruption, and much of the supply can be filled by other manufacturers, it does raise questions about how the nation is prepared to address a significant disruption to critical medical supplies,” the letter states.

Signed by committee chairman Rep. Greg Walden, R.-Ore., and oversight and investigations subcommittee chairman Rep. Tim Murphy, R.-Pa., the letter says the NotPetya attack represents “new challenges” for critical industries, particularly those in the healthcare fields.

Digital attacks that affect production are likely to continue, the lawmakers said.

Reuters reported that during a June conference call on Merck’s quarterly earnings, Frazier acknowledged that full recovery would “take some time” and predicted a hit to earnings.

Merck was not the only company affected by the attack. FedEx and the distributor of Cadbury chocolate, Mondelez International, were also among those targeted.

A spokesperson for Merck told Courthouse News “We have been in contact with the committee and have offered to brief them at any time.”

“Patients are our top priority and, since the cyber attack, we have prioritized medicines and vaccines that are considered life-saving or medically significant.  We are confident in the continuous supply of our key products,” the spokesperson said.

%d bloggers like this: