Cyber Incident Victim: SCA Pharmaceuticals LLC

On July 5, 2022, SCA Pharmaceuticals, LLC identified a malware attack that compromised its computer network, disrupting system accessibility. The Little Rock, Arkansas-based FDA 503B outsourcing facility immediately secured its network, terminated unauthorized access, and initiated an investigation to assess potential data exposure. The company confirmed that unauthorized actors had infiltrated its IT infrastructure and accessed files containing sensitive consumer information. The compromised data included names, dates of birth, Social Security numbers, governmental identifiers, health information, and bank account details. SCA Pharmaceuticals conducted a comprehensive review of affected files to determine the specific information exposed and identify impacted individuals. This process confirmed the breach affected an undisclosed number of consumers whose data resided on the compromised systems.

SCA Pharmaceuticals formally reported the incident to the Montana Attorney General’s office on August 29, 2022, and began notifying affected individuals via data breach letters the same day. The company did not disclose the total number of affected parties or the duration of unauthorized network access prior to detection. As a provider of sterile admixtures and pre-filled syringes to hospitals nationwide, the breach exposed sensitive personal and financial data rather than patient treatment records or pharmaceutical manufacturing systems. With 442 employees and $88 million annual revenue, SCA operates facilities in Little Rock and Windsor, Connecticut, though the breach announcement did not specify which locations’ systems were compromised. The malware attack disrupted network operations but did not involve ransomware encryption or explicit ransom demands according to available disclosures. Impacted individuals faced potential risks of fraud and identity theft due to the exposure of high-sensitivity identifiers and financial data.