Lawmakers worry cyberattacks could cause drug shortages

Lawmakers worry cyberattacks could cause drug shortages
© Getty Images

Leading Republicans on a key House committee want President Trump’s health chief to brief them on potentially disastrous cyber threats to the health sector, including drug shortages. 

The new focus on health-care cyber threats comes after the recent "NotPetya" malware attack wreaked havoc on U.S.-based pharmaceutical giant Merck.

Reps. Greg Walden (R-Ore.) and Tim Murphy (R-Pa.), top Republicans on the House Energy and Commerce Committee, noted the danger in letters to Health and Human Services (HHS) Secretary Tom PriceThomas (Tom) Edmunds PriceChaotic Trump transition leaks: Debates must tackle how Democrats will govern differently Leaked Trump transition vetting documents show numerous officials with 'red flags': Axios Democrats constantly overlook conservative solutions to fix our broken health care MORE and Merck CEO Kenneth Frazier this week.


Walden, the committee chair, and Murphy, who leads the subcommittee on oversight and investigations, want answers about what HHS and the company have done to respond to the malware attack, which began at the end of June. 

Merck was widely reported to be among businesses affected globally by the malware, which broke out in Ukraine and quickly spread to organizations and businesses in other parts of Europe and the United States. 

In its second-quarter 2017 financial outlook released at the end of July, Merck said the cyberattack disrupted worldwide operations, including manufacturing and sales, and that the disruption remained “ongoing in certain operations.” 

“The revelation that it continues to affect Merck’s operations adds to the growing list of concerns about the potential consequences of cyber threats to the health-care sector,” the lawmakers wrote in the letters. 

The Republicans also raised concerns about the potential that such a cyberattack could disrupt manufacturing operations, cutting off access to certain medical supplies. 

“While there is no evidence, to date, that Merck’s manufacturing disruption has created a risk to patients, it certainly raises concerns. For example, in a recent update on national vaccine supply, the CDC reported that Merck would not be distributing certain formulations of the Hepatitis B vaccine,” Walden and Murphy wrote. 

“While it is unclear whether this is related to the NotPetya disruption, and much of the supply can be filled by other manufacturers, it does raise questions about how the nation is prepared to address a significant disruption to critical medical supplies,” they wrote.

The lawmakers want to hear from Price on actions HHS has taken to probe and respond to the “NotPetya” attack, as well as “policies, plans, and procedures for addressing potential drug shortages or other associated consequences caused by cyber infections such as the NotPetya malware strain.” 

They are also asking Merck for a formal briefing with the committee by Oct. 4.