Key Takeaways:
West Pharmaceutical Services (WST) said Friday its global manufacturing operations are recovering after a May 4 cyberattack that disrupted production and logistics. The company's stock, which had fallen roughly 7% since the incident, rose over 1% on the news.
"Our outside counsel promptly engaged Palo Alto Networks Unit 42 to support the Company’s investigation, containment, and recovery efforts," West said in a statement, adding that the primary focus remains ensuring continuity of supply to customers as production scales up.
The company reported that its high-value product sites, including its largest facility in Eschweiler, Germany, are fully operational. Most other sites have resumed shipments with manufacturing ramping up across all locations after the company was forced to take systems offline for containment earlier this month.
Evercore ISI analyst Daniel Markowitz said he expects some impact to second-quarter results from the cyberattack but does not anticipate any hit to its full-year outlook. The attack on West, a critical supplier for approximately 70% of the world's injectable drugs, follows cybersecurity incidents at other healthcare companies like Stryker, Intuitive Surgical, and Medtronic in recent months.
West confirmed that it had suffered a ransomware attack where bad actors exfiltrated data and encrypted systems, forcing a proactive global shutdown of manufacturing and shipping. The company has since restored its core enterprise systems, allowing for a phased restart of operations.
In its Proprietary Products Segment, all High Value Products sites are now fully operational for shipping and receiving. Standard Packaging sites, which cover Core and Seals operations, are also fully operational with production ramping at most facilities. HVP Delivery Devices sites have also returned to full operational status.
“The West Pharmaceutical attack is a direct hit on the ‘sterile core’ of the global drug supply chain,” said Damon Small, a board member at Xcape Inc. “By forcing a proactive global shutdown of manufacturing and shipping, the attackers didn’t just lock servers; they paralyzed the delivery mechanism for approximately 70% of the world’s injectable drugs.”
Jacob Krell, Senior Director at Suzu Labs, noted that target selection by ransomware groups follows market logic. “A manufacturer that produces the injectable packaging and delivery systems drug companies depend on to get medication to patients cannot absorb extended downtime without that disruption cascading downstream,” Krell said.
The investigation into the nature and scope of the incident, including potential data impacts, remains ongoing. No ransomware group has publicly claimed responsibility for the attack.
The recovery progress signals that West Pharmaceutical is moving past the immediate crisis phase. Investors will now be watching for the company's second-quarter earnings report for a clearer picture of the financial impact of the disruption.
This article is for informational purposes only and does not constitute investment advice.
