Belgium: Gardasil out of stock after MSD production lines were shut down

Last May, NotPetya simultaneously hit large companies and government structures around the world including the Belgian pharmaceutical firm MSD, victim of this attack. MSD is part of the Merck & Co Group, the world’s second largest pharma group. Merck was the first hit by the virus in the US and announced last month 135 million $ financial losses.

Computer hacking on an industrial system can have serious economic consequences. In Belgium, out of 21,000 marketed medicines, 400 are constantly out of stock. MSD produces Gardasil 4, a vaccine to prevent cervix cancer. Attacked this summer by the ransomware NotPetya, the laboratory production lines were stopped. Since then, the company has never been able to catch up and at the same time has to deal with the increasing demand. Since September 15, this drug cannot be found in store. Fortunately, the MSD lab produces Gardasil 9, a similar and compatible vaccine that can be taken as a palliative.

According to Allan Matthys, spokesman for the firm, “several production sites were shut down. It was necessary to restart quality procedures. These are procedures that take weeks to get going. Not easy to catch up on orders already placed … All this leads to problems that can last several months”.

This example reminds us once again that prevention and upstream protection are inevitable. An in depth defense at the industrial systems’ entrance coupled with a security of supervisory position could have blocked the virus and allow this company to go on with the production.

CyFENCE, the Cybelius DMZ, allows secure exchanges at the junction of IT and OT networks. This solution integrates up to 10 security services which protect vulnerable workstations from cyberattack (see Notpetya ransomware). Indeed, CyFENCE plans to deport the engineering and supervision positions in several virtual machines that are secured in the DMZ. That way, we throw off the security vulnerabilities of old operating systems and we reduce the spread by sealing stations. On the other hand, we secure access through the VM (and the hypervisor) and firewalls. Finally, accessibility to the supervision tools of any PC in the industrial system is guaranteed.

For MSD, we see that the activity recovery took several weeks. In this specific case of vaccine production, where the quality procedures are drastic, what is noticeable is that the operational restoration is key. As such, CyFENCE plans to secure all the workstations as well as the PLC programs in its DMZ. This backup and disaster recovery principle allows a plant to restart the system in record time and go on with the production.

For more information on our CyFENCE solution, do not hesitate to contact us: