Reps. Greg Walden, R-Ore., and Tim Murphy, R-Pa., sent a letter requesting that the Department of Health and Human Services (HHS) attend a briefing with the Energy and Commerce committee on pharmaceutical companies affected by malware, such as the recent NotPetya malware’s impact on pharmaceutical company Merck.
“Though cybersecurity has been of increasing concern over the last several years, especially within the healthcare sector, the NotPetya infection represents a new challenge in that it is one of the first known instances in which a malware infection disrupted a company’s physical manufacturing capabilities,” wrote Walden and Murphy. “While Merck was not the only company to suffer degraded capabilities due to the June 27 outbreak, Merck’s role as a supplier of life-saving drugs and other medical products sets its infection and subsequent manufacturing issues apart and raises the possibility of more serious consequences for the health care sector as a whole.”
According to the letter, the committee looks to uncover what actions HHS has taken to understand and respond to the situation and HHS policies, plans and procedures to address the potential consequences of a cyberattack on drug supplies.
“It is important, therefore, for the committee to understand the details of this event and the response of the Department of Health and Human Services (HHS) so that we can work together to ensure that appropriate lessons are identified and addressed,” Walden and Murphy wrote. “Learning from this event will not only benefit the health care sector, but also the millions of patients depending on the availability of its products and services.”
The letter notes that there is no evidence of this hack, and its impact on Merck’s medical supplies, currently posing a danger to patients, but added that it will affect supplies of vaccines like Hepatitis B.
The representatives also sent a letter to the CEO of Merck requesting a formal briefing on the topic with HHS by Oct. 4.