West Pharmaceutical Services Hit by Cyberattack, Disrupting Global Drug Supply Chain
On May 7, West Pharmaceutical Services disclosed a cyberattack after detecting a network systems issue on May 4. The company swiftly activated incident response protocols, notified law enforcement, and engaged third-party cyber-forensic experts to investigate the breach.
While the full scope of the attack remains under assessment, West confirmed that data was exfiltrated, though the exact nature and extent of the compromised information are still unclear. Jacob Krell, Senior Director of Secure AI Solutions & Cybersecurity at Suzu Labs, noted that the uncertainty stems from a common challenge incomplete data inventory which complicates incident response, regulatory compliance, and customer notifications.
The attack had immediate operational consequences. By May 11, the company reported global disruptions to shipping, receiving, and manufacturing processes. While enterprise systems were restored by May 13, and some operations resumed, full production capacity had not yet been regained.
Damon Small, a board member at Xcape, Inc., emphasized the attack’s critical impact on the drug supply chain, describing it as a "direct hit on the sterile core" of global pharmaceutical logistics. The proactive shutdown of manufacturing and shipping necessary to contain the breach paralyzed the delivery of approximately 70% of the world’s injectable drugs, creating backlogs in an industry where sterile integrity and just-in-time delivery are non-negotiable.
Small also highlighted the potential theft of proprietary intellectual property, suggesting that the absence of a public leak site indicates ongoing negotiations to protect sensitive data, such as packaging designs and shipping manifests. These assets are critical dependencies for major pharmaceutical companies like Pfizer and Moderna. The phased restart of operations further signals lingering distrust in operational technology (OT) segmentation, as the breach appears to have bridged corporate IT and production systems.
Moderna Products cybersecurity rating report: https://www.rankiteo.com/company/moderna-products
"id": "MOD1778777346",
"linkid": "moderna-products",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Major pharmaceutical companies '
'(e.g., Pfizer, Moderna)',
'industry': 'Pharmaceutical',
'location': 'Global',
'name': 'West Pharmaceutical Services',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': 'Yes',
'sensitivity_of_data': 'High (critical dependencies for '
'pharmaceutical companies)',
'type_of_data_compromised': 'Proprietary intellectual '
'property (e.g., packaging '
'designs, shipping manifests)'},
'date_detected': '2024-05-04',
'date_publicly_disclosed': '2024-05-07',
'description': 'West Pharmaceutical Services disclosed a cyberattack after '
'detecting a network systems issue on May 4. The company '
'activated incident response protocols, notified law '
'enforcement, and engaged third-party cyber-forensic experts. '
'The attack led to global disruptions in shipping, receiving, '
'and manufacturing processes, with data exfiltrated. The '
'breach had critical impacts on the drug supply chain, '
"affecting approximately 70% of the world's injectable drugs.",
'impact': {'data_compromised': 'Data was exfiltrated, exact nature and extent '
'unclear',
'downtime': 'Global disruptions from May 4; full production '
'capacity not regained by May 13',
'operational_impact': 'Global disruptions to shipping, receiving, '
'and manufacturing; paralyzed delivery of '
"~70% of the world's injectable drugs",
'systems_affected': 'Network systems, manufacturing, shipping, and '
'receiving processes'},
'initial_access_broker': {'data_sold_on_dark_web': 'Potential, but no public '
'leak site indicates '
'ongoing negotiations',
'high_value_targets': 'Proprietary intellectual '
'property (e.g., packaging '
'designs, shipping '
'manifests)'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Incomplete data inventory complicates incident response, '
'regulatory compliance, and customer notifications. '
'Critical need for robust OT segmentation to prevent '
'breaches bridging IT and production systems.',
'post_incident_analysis': {'corrective_actions': 'Phased restart of '
'operations; enhanced OT '
'segmentation measures',
'root_causes': 'Incomplete data inventory; '
'inadequate OT segmentation'},
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'Jacob Krell, Senior Director of Secure AI '
'Solutions & Cybersecurity at Suzu Labs'},
{'source': 'Damon Small, Board Member at Xcape, Inc.'}],
'response': {'containment_measures': 'Proactive shutdown of manufacturing and '
'shipping; phased restart of operations',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes',
'network_segmentation': 'Lingering distrust in OT segmentation',
'recovery_measures': 'Some operations resumed; full production '
'capacity not regained by May 13',
'remediation_measures': 'Enterprise systems restored by May 13',
'third_party_assistance': 'Cyber-forensic experts engaged'},
'title': 'West Pharmaceutical Services Hit by Cyberattack, Disrupting Global '
'Drug Supply Chain',
'type': 'Cyberattack'}