Supernus Pharmaceuticals Targeted by Hive Ransomware Group

Supernus Pharmaceuticals, a biopharmaceutical company listed on NASDAQ under the ticker symbol SUPN, fell victim to a cyberattack orchestrated by the Hive ransomware group in mid-November 2021. Operating within the Healthcare Services sector, the company acknowledged the breach led to the exfiltration of a substantial volume of data from its network.

Despite the severity of the attack, Supernus Pharmaceuticals maintained that its operations continued without significant disruption. The company also indicated its decision against paying the ransom demanded by the attackers. Efforts were promptly initiated to recover the compromised files, alongside measures to fortify the security of its network and data repositories.

The Hive ransomware group took responsibility for the cyber intrusion, revealing that they had penetrated Supernus Pharmaceuticals’ network on November 14. They succeeded in exfiltrating approximately 1,268,906 files, which equates to 1.5 terabytes of data. The group also threatened to publish the stolen data online, criticizing the company for not disclosing the incident in their recent 8-K Form submission to the Securities and Exchange Commission (SEC).

The Healthcare Services sector, where Supernus Pharmaceuticals is a key player, is inherently sensitive and necessitates stringent cybersecurity protocols to safeguard critical patient and corporate information. Although specific vulnerabilities exploited by the attackers were not disclosed, the incident underscores the imperative for robust security measures to thwart such breaches.

Sources

• Supernus Pharmaceuticals Targeted in Ransomware Incident - Yahoo Finance
• Biopharmaceutical firm Supernus Pharmaceuticals hit by Hive ransomware - Security Affairs
• Ransomware Operators Threaten to Leak 1.5TB of Supernus Pharmaceuticals Data - Security Week
• Supernus Pharmaceuticals Targeted in Ransomware Incident - The Globe and Mail