Expert Insights on the West Pharmaceutical Ransomware Attack

On May 7, West Pharmaceutical Services revealed that it had experienced a cyberattack.
- What happened? A network systems issue was identified, and on May 4, the company determined it to be the result of a cyberattack. The organization enacted incident response protocols, engaged law enforcement, and reached out to third-party cyber-forensic experts.
- Who is impacted? The company has determined that certain data was exfiltrated, but it is still working to determine the extent of the affected data. Investigations into the nature and scope of the incident also continue.
Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity at Suzu Labs, remarks, “West’s SEC filing notes the company is still investigating what data was compromised. That uncertainty is a data inventory problem, and most organizations share it regardless of sector. They can tell you systems are down. Fewer can tell you exactly what data sat in those systems and who it affects. That gap extends every phase of incident response from materiality determination to customer notification. Complete data inventory is what allows an organization to answer the first question every board and every regulator will ask after a breach. What was taken.”
On May 11, the company announced that the cyber incident response measures temporarily disrupted global operations, including essential processes for shipping, receiving, and manufacturing. As of May 13, enterprise systems have been restored, and some shipping, receiving, and manufacturing processes have been restarted — but not all are back to full operations.
“The West Pharmaceutical attack is a direct hit on the ‘sterile core’ of the global drug supply chain,” says Damon Small, Board of Directors at Xcape, Inc. “By forcing a proactive global shutdown of manufacturing and shipping, the attackers didn’t just lock servers; they paralyzed the delivery mechanism for approximately 70% of the world’s injectable drugs. This incident demonstrates that in high-stakes manufacturing, the ‘proactive shutdown’ is often as disruptive as the malware itself, creating a massive backlog in a sector where sterile integrity and just-in-time delivery are non-negotiable.
“This breach proves that for critical suppliers, operational downtime is a secondary threat compared to the quiet extortion of proprietary IP. The absence of a public leak site listing suggests West is likely negotiating to protect specialized packaging designs and shipping manifests that represent a single point of failure for giants like Pfizer and Moderna. Restoration of enterprise systems is only half the battle; the ‘phased’ restart of global factories reveals a deep distrust in the underlying OT segmentation that allowed a corporate IT breach to reach the production line.”