Dr Reddy’s Laboratories on Thursday said it had “isolated” its data centre services after a cyber attack. The Hyderabad-headquartered drug maker reported the data breach days after it received regulatory approvals to conduct human trials of a Covid-19 vaccine candidate developed by a Russian research institute.
“In the wake of a detected cyber-attack, we have isolated all data centre services to take required preventive actions,” Dr Reddy’s told the Bombay Stock Exchange on Thursday.
“We are anticipating all services to be up within 24 hours and we do not foresee any major impact on our operations due to this incident,” Mukesh Rathi, Chief Information Officer of the company, said.
The attack, the exact nature of which is not yet public, has reportedly also forced the firm to temporarily shut down operations at its major manufacturing facilities across the world. Pharma experts said this is necessary to minimise the impact of a breach of cyber security.
Besides India, Dr Reddy’s has manufacturing facilities in the United States, United Kingdom, Mexico and China. It has research and development facilities in the US, the UK, the Netherlands and India. The company has 29 global offices in various continents.
In response to an email sent by Dr Reddy’s, company that will conduct Russian vaccine trials, isolates its data after cyber attack to confirm whether it had shut down production operations, a spokesperson said the company had “no further comments” to add to its statement to the BSE.
Pharmaceutical industry experts said data breaches at pharma companies often turned out to be “serious and critical” events that called for measures such as halting production while the breach was analysed and security issues were plugged.
Pharma firms rely on the integrity of data to ensure the quality of their medicines, the experts said. In the event of a breach, operations are stopped until the companies can be certain that their data remain secure and reliable.
“At the end of the day, whatever drugs you consume are dependent on the quality of data based on the regulatory norm or GMP (good manufacturing practices) requirement – whether it is a batch release, pharmacokinetics data, or data related to the material used in the drug,” said A Vaidheesh, former managing director and vice president-South Asia at GlaxoSmithKline Pharmaceuticals.
“There is a lot of information that goes into the manufacturing of a drug, and if that data is compromised, it becomes difficult to release any drug… Critical process parameters (CPP) in pharmaceutical manufacturing are key variables affecting the production process. Hence protection of data is critical,” Vaidheesh said.
An executive at an Indian pharma company said on condition of anonymity: “Over the last 10-15 years, pharmaceutical companies have shifted most of their documentation and manufacturing process data to the digital space, which leaves their manufacturing operations vulnerable to cyber security issues.”
Dr Reddy’s had told BSE on Saturday that it had received approval from the Drug Controller General of India, the country’s top drug regulator, to conduct mid- to late-stage clinical trials for the Sputnik V Covid-19 vaccine candidate developed by the Gamaleya Research Institute in Moscow.
The firm is expected to conduct phase 2/3 trials on around 1,500 participants across 10 sites, a senior government official told The Indian Express.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines