West Pharmaceutical Services has confirmed that it suffered a cybersecurity incident that resulted in both data theft and the encryption of parts of its internal network, making it the latest major manufacturing and healthcare-related company to face operational disruption from a cyberattack.
In a filing submitted to the U.S. Securities and Exchange Commission (SEC), the company stated that it identified suspicious activity on May 4, 2026, and later determined on May 7 that an unauthorized actor had exfiltrated certain data and encrypted multiple systems within its environment. The company described the breach as a “material cybersecurity attack,” indicating that the incident was serious enough to potentially affect operations or business continuity.
Following the initial detection of the intrusion, West Pharmaceutical said it immediately activated its incident response procedures. As part of its containment efforts, the company proactively shut down and isolated affected systems across its global infrastructure, restricted access to enterprise resources, informed law enforcement authorities, and brought in external cyber-forensic specialists to assist with the investigation and recovery process.
The investigation into the incident is still ongoing, and the company says it is currently working to determine the full scope and nature of the breach, including exactly what type of information may have been stolen during the attack.
West Pharmaceutical Services is a publicly traded American pharmaceutical manufacturing company and a member of the S&P 500 index. The firm generates more than $3 billion in annual revenue and employs over 10,800 people worldwide. Its business focuses heavily on injectable drug packaging systems, syringe and vial components, containment technologies, and medical drug delivery devices used throughout the healthcare and pharmaceutical sectors.
The cyberattack disrupted several parts of the company’s global operations, particularly systems tied to manufacturing, shipping, and other enterprise functions. West Pharmaceutical stated that some of its core systems supporting production and distribution activities have now been restored, while manufacturing operations have partially resumed in certain areas. However, the company acknowledged that the full restoration process has not yet been completed and did not provide a timeline for when all systems are expected to return to normal operation.
At this stage, the company has also not estimated the financial impact the incident may have on its business.
West Pharmaceutical further stated that it has taken measures intended to reduce the risk of the stolen information being distributed or exposed publicly, although it did not disclose what those mitigation steps involve.
In a statement shared after media inquiries, a company spokesperson said the organization initiated both incident response and crisis management procedures immediately after discovering the intrusion. The company added that containment actions included shutting down and isolating affected on-premises infrastructure, limiting access to enterprise systems, and implementing additional technical and organizational security measures.
West Pharmaceutical also confirmed that it engaged Palo Alto Networks’ Unit 42 incident response team to assist with containment, forensic analysis, and system recovery efforts alongside outside legal counsel and other external experts.
As of now, no ransomware group has publicly claimed responsibility for the attack. However, cybersecurity analysts note that incidents involving both data exfiltration and system encryption often resemble modern double-extortion ransomware operat
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: