Two Breaches, Two Months, One Pattern
In May 2026, West Pharmaceutical Services disclosed a material ransomware attack in a filing with the Securities and Exchange Commission. Attackers stole data and encrypted systems at a company that makes components used in a large share of the world’s injectable medicines, forcing a global shutdown of manufacturing and shipping while the company recovered. Weeks later, in June, Novo Nordisk reported a security breach that exposed a limited amount of clinical trial information, with certain data copied externally without authorization.
Two of the most recognizable names in biopharmaceuticals, breached two months apart. The specifics differ, but the message does not. This sector is being targeted directly, and the pattern is no longer occasional.
Get the FDA OT Security Guide for Life Sciences
centrexIT has protected regulated and growth-stage organizations across California, Nevada, Arizona, Washington, and Oregon since 2002. We turned the FDA’s operational technology white paper into a practical guide for life sciences leaders.
Download the guide: https://centrexit.com/guides/fda-ot-cybersecurity
Why Life Sciences Sits in the Crosshairs
Attackers follow value, and few sectors hold more of it than life sciences. Clinical trial data, intellectual property, and the manufacturing processes behind a product are exactly the assets that make an organization valuable, and exactly the assets a breach can compromise. The cost reflects it. Pharmaceutical data breaches carry among the highest average costs of any industry, roughly 4.6 million dollars per incident according to IBM’s 2025 report.
The target has also shifted. Manufacturing has become the most attacked critical-infrastructure sector, and ransomware activity climbed sharply through 2025. For a life sciences company, that means the factory floor is now part of the same risk picture as the research lab and the data center.
The Warning the FDA Sent a Year Early
None of this should have been a surprise. In June 2025, the FDA released a white paper titled Securing Technology and Equipment (Operational Technology) Used for Medical Product Manufacturing. It is worth reading for what it is: not a regulation and not a mandate, but a clear signal of where the agency’s attention is heading.
That signal filled a gap. The FDA had spent years setting expectations for the cybersecurity of medical devices themselves. This white paper addressed the missing middle, the environment where those products are made. Its core point is uncomfortable and correct. The operational technology on a manufacturing floor, the programmable controllers, connected systems, and smart equipment, was engineered to keep running, not to defend itself. Much of it does not meet recognized cybersecurity standards by default. You can design a secure device and still put patients at risk if it is produced in a compromised facility.
What the FDA Actually Asks For
The white paper organizes its recommendations into three areas, and each translates into something practical.
- Technical information exchange. Know what you have. Build a complete inventory of every connected system on the plant floor, including modules embedded inside other equipment, and request a software bill of materials from your vendors so you can trace each component’s security profile.
- Security standards and compliance. Map your controls to recognized frameworks rather than inventing your own, using NIST, FIPS 140-2/3, and CISA best practices as the shared language between your quality, IT, and OT teams.
- Security by design. Build protection in. Segment operational technology from IT and from the internet, enforce least-privilege access with strong authentication, and monitor continuously for unusual behavior.
There is a hard part the paper does not shy away from. In a GxP environment, the obvious security move, patch quickly, collides with a real obligation, because changes to validated systems require change control and revalidation. Attackers know regulated manufacturers have a low tolerance for downtime, and they use it. The answer is a risk-based approach: prioritize by exposure, lean on compensating controls like segmentation and monitoring where a patch cannot be applied quickly, and document everything through your existing change process so security work strengthens your quality record instead of threatening it.
What Life Sciences Leaders Can Do This Quarter
You do not need an enterprise budget to respond to this. You need the fundamentals done consistently, and you need to start with visibility, because you cannot protect an attack surface you cannot see. Knowing what is connected, what runs unsupported software, and who can reach critical systems is the foundation for every other step.
From there, the priorities are the ones the FDA named: shrink what is exposed, segment the manufacturing environment, tighten access, and build a patching plan that respects validation. This is where our approach lives. People-First. AI-Amplified. People who understand your GxP obligations make the decisions, and AI gives them the speed and reach to inventory assets, watch OT traffic, and respond faster than an attacker can move.
Get the FDA OT Security Guide for Life Sciences
Our guide covers what the FDA white paper asks for, the patching-versus-validation tension in detail, and a first-90-days plan you can act on. centrexIT is a Biocom California endorsed partner and has served life sciences organizations since 2002. People-First. AI-Amplified.
Download the guide: https://centrexit.com/guides/fda-ot-cybersecurity
Or take the 2-minute cybersecurity assessment: https://centrexit.com/cyber-security-readiness-assessment/
Sources
- Security Boulevard: West Pharmaceutical Services Hit by Disruptive Ransomware Attack (May 2026)
- BleepingComputer: Pharmaceutical giant Novo Nordisk discloses security breach (June 2026)
- Novo Nordisk: IT Security Incident update (June 2026)
- U.S. Food and Drug Administration, Securing Technology and Equipment (Operational Technology) Used for Medical Product Manufacturing (white paper, June 2025)
- IBM, Cost of a Data Breach Report 2025 (pharmaceutical breach cost)
- Honeywell, 2025 Cyber Threat Report (ransomware increase; manufacturing as a top target)
The centrexIT team brings decades of combined IT expertise, helping San Diego businesses thrive with secure, reliable technology solutions.
Meet Our Team