Cyber Incident Victim: Pharmascience
Date:
Jun 2024
Location:
Canada
Summary
Pharmascience, a Montreal-based generic pharmaceutical manufacturer, experienced a cybersecurity breach involving unauthorized system access, prompting engagement of external experts to secure its IT infrastructure without reported production disruptions. While the company confirmed system restoration and resumed safe operations, it withheld specifics on attack duration, scope, ransom demands, or potential data exfiltration. The incident underscores broader pharmaceutical sector vulnerabilities, where supply chain fragility—exacerbated by just-in-time production models—could amplify cascading shortages if attacks disrupt manufacturing. This event aligns with industry trends of escalating cyberattacks targeting pharmaceutical entities, driven by their financial capacity and sensitive data holdings, though direct operational or supply impacts remain unconfirmed in this case.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Pharmascience, a major Canadian-owned pharmaceutical company based in Montreal, detected a cybersecurity intrusion in its IT systems on June 1, 2024. The company confirmed the incident publicly in early June but declined to disclose the attack’s duration, scope, or specific operational impacts beyond stating that medication production appeared unaffected. No details were provided regarding data exfiltration, ransom demands, or payments. Pharmascience engaged external cybersecurity experts immediately after discovery to contain the breach and secure compromised systems. The company asserted that operations resumed safely and efficiently following containment measures, though it withheld technical specifics about affected infrastructure or attack vectors.
The incident highlighted broader concerns about pharmaceutical supply chain vulnerabilities, as industry experts noted even temporary production disruptions could trigger cascading shortages across Canada’s just-in-time medication ecosystem. Benoit Morin, president of the Quebec Association of Proprietary Pharmacists, emphasized that limited drug inventories at pharmacies, wholesalers, and manufacturers amplify risks when any producer slows output. While Pharmascience’s production continuity prevented immediate supply issues, the attack occurred amid rising cyber targeting of pharmaceutical firms globally, including 2023 breaches at Sun Pharma and Eisai, plus recent incidents at London Drugs and Cencora subsidiary Innomar Strategies. Industry data cited in the report indicated a 67% increase in pharmaceutical sector cyberattacks between 2014 and 2021, with over half of companies experiencing malicious activity. Pharmascience’s parent organization, the Canadian Generic Pharmaceutical Association, asserted the supply chain’s resilience but declined interview requests about cybersecurity practices.