Drug and vaccine manufacturer Merck & Co Inc has quantified the impact of a cyberattack on its revenue at US$135 million. The company disclosed the figure in its third quarter earnings report.

The cyberattack occurred in June and forced Merck to halt production of its drugs.

Merck is one of a number of corporations whose operations were disrupted by the NotPetya attack, which initially affected business and government agencies in Ukraine before spreading worldwide.

NotPetya displayed as a ransomware attack but purported to lock victims out of their systems and destroy their data. It encrypted hard drives so that machines could not run. The attacks forced business to individually replace drives, which is a labour-intensive process.

In Merck’s case, after the production shutdown it borrowed the human papilloma virus (HPV) vaccine Gardasil 9 from the US Centres for Disease Control and Prevention. Merck did not have enough of the vaccine in stock to meet unexpected high demand.

Merck’s experience demonstrates that cybersecurity is not just an issue for connected medical devices. Drug and biologics manufacturers should consider cyberattacks as real and serious threats – it’s a no-brainer that the supply of medicines can affect human lives.