Press Release

Committee Leaders Press HHS, Merck for Information Following ‘NotPetya’ Malware Outbreak


WASHINGTON, DC – Energy and Commerce Committee leaders today sent letters to the Department of Health and Human Services (HHS) and Merck regarding the NotPetya malware and potential nexus with the drug supply. The letters were signed by Energy and Commerce Committee Chairman Greg Walden (R-OR) and Oversight and Investigations Subcommittee Chairman Tim Murphy (R-PA).

“On June 27, 2017, a malware infection spread across the globe, affecting the networks and digital assets of companies across a wide range of sectors. The malware – commonly referenced as ‘Petya,’ ‘NotPetya,’ ‘NietPetya,’ among other names – leveraged a known vulnerability to gain access to systems and networks which were then encrypted, rendering them useless to the owners of those assets,” wrote Walden and Murphy. “While the malware was largely contained after the initial outbreak, it had successfully compromised businesses around the world. Known victims come from a variety of sectors including, but not limited to, shipping, food, marketing, oil, and legal. It was widely reported at the time that Merck was among those affected by the NotPetya malware strain.”

The letter cites Merck’s second-quarter 2017 financial outlook as an initial source of information about the malware outbreak and how the company has been impacted.

The leaders wrote, “While there is no evidence, to date, that Merck’s manufacturing disruption has created a risk to patients, it certainly raises concerns. For example, in a recent update on national vaccine supply, the CDC reported that Merck would not be distributing certain formulations of the Hepatitis B vaccine.  While it is unclear whether this is related to the NotPetya disruption, and much of the supply can be filled by other manufacturers, it does raise questions about how the nation is prepared to address a significant disruption to critical medical supplies.”

Click HERE to read the letters.


Press Release