Big Pharma-partnered Evotec on high alert after cyberattack takes systems offline

German biotech Evotec is on high alert after a late-week cyberattack prompted the company to shut down its network.

Evotec says that unusual activity was noticed on its IT systems on April 6, prompting the company to take its digital infrastructure offline. A forensic examination of the breach is underway to learn the extent of the attack and relevant authorities have been notified, according to an update posted Monday. Evotec says that “business continuity is upheld” across the company’s sites but that systems remain unconnected and there may be delays or slower responses to partners. 

A 2021 report from the U.S. government found that health care was the industry highest-hit by cyber-attacks, accounting for nearly a quarter of events in 2020. An August 2022 editorial published in Nature deemed biotech “the weakest link of all” the sectors in health care. In 2020, cyberattacks—both attempted and successful— plagued vaccine manufacturers, including Dr. Reddy’s laboratories, AstraZeneca, J&J and Novavax, among others. 

Evotec reported roughly a week earlier that it was “ahead of the curve” in its full-year 2022 results, posting a 22% increase in group revenues compared to 2021. The biotech has accrued lucrative partnerships, including a targeted protein degradation pact with Bristol Myers Squibb that was just re-upped and is now worth up to $4 billion. 

Johnson & Johnson unit Janssen Pharmaceuticals also linked up with the company in June 2022, doubling down six months later for more targets.