Cyber Incident Victim: eResearch Technology

On September 20, 2020, eResearch Technology (ERT), a Philadelphia-based clinical services provider specializing in electronic patient-reported outcomes (ePRO) for global drug trials, suffered a ransomware attack. The company immediately took its systems offline as a precaution upon discovering the incident, disrupting access to critical clinical trial data across Asia, Europe, and North America. Researchers conducting COVID-19 trials for tests, treatments, and vaccines were forced to revert to manual pen-and-paper tracking methods after losing electronic access to ERT’s platforms. While no trials were permanently ruined, the attack caused significant delays in ongoing studies. Among the affected organizations was IQVIA, a contract research organization managing AstraZeneca’s COVID-19 vaccine trial, and Bristol Myers Squibb, which was leading an alliance developing rapid COVID-19 tests. ERT’s pre-existing data backups mitigated potential data loss, though the company declined to disclose the total number of impacted trials or whether any ransom demand was paid. The FBI was notified of the attack, but no attribution to a specific ransomware group was confirmed.

ERT began restoring its systems by October 2, 2020, as confirmed by Vice President of Marketing Drew Bustos, who stated the incident had been contained. The company emphasized its role in supporting 50% of all FDA drug approvals since 2013 but did not specify which trials or therapeutic areas were most affected by the disruption. No patient data compromise was reported, and the primary operational consequence remained the temporary slowdown of research workflows due to manual data collection. The attack highlighted vulnerabilities in clinical trial infrastructure during the pandemic, with Accedian’s cybersecurity VP Michael Rezek noting the broader trend of escalating breaches across industries. ERT’s recovery efforts focused on reactivating systems while maintaining procedural integrity for ongoing trials.