Incident Response, Supply chain

Cyberattack hits Spanish pharmaceutical company Alliance Healthcare

A pharmacist measures a prescription

A cyberattack deployed against one of Spain’s leading pharmaceutical companies, Alliance Healthcare, is causing delays in the drug disruption supply chain, according to local news outlet El Pais. Alliance is a pharmaceutical distributor, as well as a clinical trial support company.

The cyber incident began on March 17 and has led to a complete shutdown of the company’s website, billing systems, and ordering processes. During the first few days of the attack, the company remained at a standstill.

Company officials say after detecting an “interruption” in its system, they initiated processes to limit the impact. Patients are the main priority, and the recovery team is working quickly to remediate the issue.

The outages have led to supply delays, due to server and online system shut downs. Pharmacies in the Catalonia region are seeing the biggest impacts, due to Alliance’s market share in the region.

But officials stress there have been limited patient impacts, as pharmacies typically leverage more than one distributor for ordering processes. In that way, other companies have been able to supply the necessary orders.

During a prolonged outage, the uptick in orders may cause further delays for those suppliers, as they may not have enough supply on hand to fulfill unexpected requests.

The attack struck less than three weeks after the RansomHouse incident against the Hospital Clinic of Barcelona, which is still operating under network downtime procedures.

The hospital has been able to maintain oncology services and other urgent care appointments at nearby locations. The last update on March 17 shows the hospital has only recovered about 50% of its processes. Western Europe has seen a spate of attacks against its health sector this year. CHC Montlégia in Liège is still working to get back online four months after a cyberattack.

US healthcare entities should view these attacks as a warning shot, particularly given the onslaught of nation-state cyberattacks and DDoS attempts in the last few months. Leaders should ensure they’ve fully prepared an incident response plan to prevent long-term downtime procedures in the event of a cyberattack.

As seen in the post-mortem report on the cyberattack and outage at New Zealand Waikato District Health Board, effective responses are directly tied to practicing business continuity plans — even with clear awareness of cybersecurity priorities.

Specifically, WDHB failed to test its plan for functionality in a practice environment before the cyberattack, which led to the months-long outages and dogged response. Mitre recommends identifying the systems needed to maintain patient care and tying it to well-practiced response plans.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.