Pharmaceutical giant MSD has been asked to explain how much damage it sustained from a cyberattack which shut down its global operations, including its Australian office, for almost a week in June.
The company, called Merck in the US, must report to a US Congress House Committee on the malware attacks – known as Petya and NotPetya – detailing the extent of the disruption to its manufacturing operations and the impact on the supply of drugs.
“Merck’s role as a supplier of life-saving drugs and other medical products sets its infection and subsequent manufacturing issues apart and raises the possibility of more serious after-effects for the healthcare sector as a whole,” the US committee wrote in a letter to the company.
The committee said that “while there is no evidence to date that Merck’s manufacturing disruption has created a risk to patients, it certainly raises concerns” citing short supply of the company’s hepatitis B vaccine in the US as an example of an area of concern.
In its second-quarter financial results announcement, Merck acknowledged the attack had disrupted manufacturing, research and sales operations, but said it did not yet know “the full magnitude of the impact of the disruption, which remains ongoing in certain operations”.
The company said it had prioritised medicines and vaccines that were considered life-saving or medically significant and the short supply of its hepatitis B vaccine was not as a result of the cyber attack.
Known as H-B-VAX II in Australia, the vaccine is listed on the TGA website as having been in short-supply since August, along with other hepatitis B vaccines.