No one with an Internet connection seems to be immune.
On Tuesday, global pharma giant Merck & Co confirmed its computer network had been compromised as part of a widespread cybersecurity attack, which also impacted at least one health system and many large corporations.
When Investment Rhymes with Canada
Canada has a proud history of achievement in the areas of science and technology, and the field of biomanufacturing and life sciences is no exception.
We confirm our company's computer network was compromised today as part of global hack. Other organizations have also been affected (1 of 2)
— Merck (@Merck) June 27, 2017
We are investigating the matter and will provide additional information as we learn more. (2 of 2)
— Merck (@Merck) June 27, 2017
Ukraine appears to have been hit hardest, with several of its ministries, local banks, and metro systems reportedly affected.
From there the highly-virulent malware spread, including to the United States.
Heritage Valley Health System (HVHS) confirmed its network had been breached later in the day. HVHS is a $480 million integrated healthcare delivery organization operating in regions of Pennsylvania, eastern Ohio, and West Virginia.
Via email, Spokeswoman Suzanne Sakson told Trib that the attack was far-reaching.
“Heritage Valley Health System has been affected by a cyber security incident. The incident is widespread and is affecting the entire health system including satellite and community locations. We have implemented downtime procedures and made operational adjustments to ensure safe patient care continues un-impeded.”
According to the Associated Press, the attack exploits the same digital vulnerability as the so-called “WannaCry” ransomware attack that ravaged computer systems worldwide in early May. As such, a fix issued by Microsoft earlier this year should have protected against both attacks.
Many onlookers on Twitter were quick to assign blame.
“All you had to do was patch your systems with a patch that was available months ago! Have you fired your CIO yet?” commented one Twitter user in response to Merck’s first Tweet on the issue.
If only it were that easy. Chris Wysopal, chief technology officer at the security firm Veracode, told ABC News that 100 percent of computers in the network have to be patched for the organization to be immune. Once infiltrated, Wysopal said that new malware has a mechanism to spread to patched computers as well.
With 69,000 employees and annual revenues approaching $40 billion, Merck is one of the largest pharma companies in the world. It also has operations in Ukraine.
Other victims reportedly include global law firm DLA Piper, Russian oil company Rosneft, and the Danish oil and shipping company AP Moller-Maersk.
Photo: Rawpixel Ltd, Getty Images
